Hello community,

here is the log from the commit of package uftpd for openSUSE:Factory checked 
in at 2019-07-30 12:39:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/uftpd (Old)
 and      /work/SRC/openSUSE:Factory/.uftpd.new.4126 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "uftpd"

Tue Jul 30 12:39:21 2019 rev:6 rq:719745 version:2.9

Changes:
--------
--- /work/SRC/openSUSE:Factory/uftpd/uftpd.changes      2019-06-01 
09:51:55.111274741 +0200
+++ /work/SRC/openSUSE:Factory/.uftpd.new.4126/uftpd.changes    2019-07-30 
12:39:25.914933313 +0200
@@ -1,0 +2,10 @@
+Mon Jul 29 20:02:51 UTC 2019 - Martin Hauke <[email protected]>
+
+- Update to version 2.9
+  * Check FTP root security after dropping privileges
+  * Revert insecure default: "writable FTP root", introduced in v2.8
+  * Revert part of issue #18 to fix issue #23; "CWD /" doesn't work
+  * Fix spelling errors found by Lintian
+  * Fix package description, more formal and less personal
+
+-------------------------------------------------------------------

Old:
----
  uftpd-2.8.tar.gz

New:
----
  uftpd-2.9.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ uftpd.spec ++++++
--- /var/tmp/diff_new_pack.DZVk68/_old  2019-07-30 12:39:26.678933186 +0200
+++ /var/tmp/diff_new_pack.DZVk68/_new  2019-07-30 12:39:26.682933185 +0200
@@ -18,7 +18,7 @@
 
 
 Name:           uftpd
-Version:        2.8
+Version:        2.9
 Release:        0
 Summary:        A combined TFTP/FTP server
 License:        ISC

++++++ uftpd-2.8.tar.gz -> uftpd-2.9.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/.gitignore new/uftpd-2.9/.gitignore
--- old/uftpd-2.8/.gitignore    2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/.gitignore    2019-07-29 10:53:23.000000000 +0200
@@ -10,7 +10,7 @@
 Makefile.in
 aclocal.m4
 ar-lib
-/autom4te.cache/*
+autom4te.cache/*
 compile
 config.*
 configure
@@ -18,19 +18,10 @@
 install-sh
 libtool
 ltmain.sh
-misc/
 missing
 stamp-h1
-uftpd
-debian/files
-debian/uftpd.*
 TAGS
-/GPATH
-/GRTAGS
-/GSYMS
-/GTAGS
-/CHANGELOG.html
-/README.html
-/uftpd.html
-/tok
-/uftp
+GPATH
+GRTAGS
+GSYMS
+GTAGS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/ChangeLog.md new/uftpd-2.9/ChangeLog.md
--- old/uftpd-2.8/ChangeLog.md  2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/ChangeLog.md  2019-07-29 10:53:23.000000000 +0200
@@ -4,6 +4,25 @@
 All notable changes to the project are documented in this file.
 
 
+[v2.9][] - 2019-07-29
+---------------------
+
+### Changes
+- Reduced log level for "Invalid path" and "Failed realpath()" syslog
+  messages.  Only relevant when debugging.  For use on the Internet it
+  will otherwise cause an excessive amount of logs due to GXHLGSL.txt
+- Debian packaging fixes and updates:
+  - Reverts `-o writable`, due to fixing issue #22
+  - Fixes failing `dpkg -P uftpd` due to bug in postrm script
+
+### Fixes
+- Issue #21: Check for `pkg-config` before lookging for deps.
+- Issue #22: Check FTP root security *after* having dropped privs.
+  This means no longer having to run with `-o writable` by default
+- Issue #23: FTP command `CWD /` does not work, affects all clients.
+  This is a regression introduced in v2.8 while fixing #18
+
+
 [v2.8][] - 2019-05-28
 ---------------------
 
@@ -405,7 +424,8 @@
   Lines must end in the old `\r\n` format, rather than UNIX `\n`.
 
 
-[UNRELEASED]:    https://github.com/troglobit/uftpd/compare/v2.8...HEAD
+[UNRELEASED]:    https://github.com/troglobit/uftpd/compare/v2.9...HEAD
+[v2.9]:          https://github.com/troglobit/uftpd/compare/v2.8...v2.9
 [v2.8]:          https://github.com/troglobit/uftpd/compare/v2.7...v2.8
 [v2.7]:          https://github.com/troglobit/uftpd/compare/v2.6...v2.7
 [v2.6]:          https://github.com/troglobit/uftpd/compare/v2.5...v2.6
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/Makefile.am new/uftpd-2.9/Makefile.am
--- old/uftpd-2.8/Makefile.am   2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/Makefile.am   2019-07-29 10:53:23.000000000 +0200
@@ -1,5 +1,5 @@
 SUBDIRS            = src man
-doc_DATA           = README.md LICENSE
+doc_DATA           = README.md LICENSE ChangeLog.md
 EXTRA_DIST         = README.md LICENSE ChangeLog.md
 
 ## Generate .deb package
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/README.md new/uftpd-2.9/README.md
--- old/uftpd-2.8/README.md     2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/README.md     2019-07-29 10:53:23.000000000 +0200
@@ -58,8 +58,8 @@
 
 Set `PORT` to zero (0) to disable either service.
 
-By default, uftpd will exit if it detects the FTP root is writable.  To
-allow writable FTP root:
+New sessions are droppbed by default if uftpd detects the FTP root is
+writable.  To allow writable FTP root:
 
     uftpd -o writable PATH
 
@@ -105,14 +105,25 @@
 and [lite][].  See their respective README for details, there should be
 no real surprises, both use the familiar configure, make, make install.
 
+To find the two libraries uftpd depends on `pkg-config`.  The package
+name for your Linux distribution varies, on Debian/Ubuntu systems:
+
+```shell
+user@example:~/> sudo apt install pkg-config
+```
+
 uftpd, as well as its dependencies, can be built as `.deb` packages on
-Debian or Ubuntu based distributions.  Simply download each source
-component and run
+Debian or Ubuntu based distributions.  Download and install each of the
+dependencies, and then run
 
     ./autogen.sh      <--- Only needed if using GIT sources
     ./configure
     make package
 
+The `.deb` package takes care of setting up `/etc/inetd.conf`, create an
+`ftp` user and an `/srv/ftp` home directory with write permissions for
+all members of the `users` group.
+
 If you are using a different Linux or UNIX distribution, check the
 output from `./configure --help`, followed by `make all install`.
 For instance, building on [Alpine Linux](https://alpinelinux.org/):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/configure.ac new/uftpd-2.9/configure.ac
--- old/uftpd-2.8/configure.ac  2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/configure.ac  2019-07-29 10:53:23.000000000 +0200
@@ -1,4 +1,4 @@
-AC_INIT([uftpd], [2.8], [https://github.com/troglobit/uftpd/issues],, 
[http://troglobit.com/uftpd.html])
+AC_INIT([uftpd], [2.9], [https://github.com/troglobit/uftpd/issues],, 
[http://troglobit.com/uftpd.html])
 AM_INIT_AUTOMAKE([1.11 foreign no-dist-gzip dist-xz])
 AM_SILENT_RULES([yes])
 
@@ -11,7 +11,6 @@
 AC_PROG_INSTALL
 
 # Configuration.
-AC_HEADER_STDC
 AC_CHECK_HEADERS(sys/time.h)
 AC_CHECK_FUNCS(strstr getopt getsubopt gettimeofday)
 
@@ -20,6 +19,9 @@
 AC_TYPE_UINT16_T
 AC_TYPE_UINT32_T
 
+# Check for pkg-config first, warn if it's not installed
+PKG_PROG_PKG_CONFIG
+
 # Check for required libraries
 PKG_CHECK_MODULES([uev],  [libuev >= 2.2.0])
 PKG_CHECK_MODULES([lite], [libite >= 1.5.0])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/debian/.gitignore 
new/uftpd-2.9/debian/.gitignore
--- old/uftpd-2.8/debian/.gitignore     1970-01-01 01:00:00.000000000 +0100
+++ new/uftpd-2.9/debian/.gitignore     2019-07-29 10:53:23.000000000 +0200
@@ -0,0 +1,8 @@
+autoreconf.*
+debhelper-build-stamp
+files
+uftpd.debhelper.log
+uftpd.post*
+uftpd.pre*
+uftpd.substvars
+uftpd/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/debian/changelog 
new/uftpd-2.9/debian/changelog
--- old/uftpd-2.8/debian/changelog      2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/debian/changelog      2019-07-29 10:53:23.000000000 +0200
@@ -1,3 +1,15 @@
+uftpd (2.9) unstable; urgency=medium
+
+  * Check FTP root security after dropping privileges, issue #22
+  * Revert insecure default: "writable FTP root", introduced in v2.8
+  * Revert part of issue #18 to fix issue #23; "CWD /" doesn't work
+  * Update debian packaging to policy 4.3.0
+  * Fix failing postrm script, causing dpkg -P uftpd to fail hard
+  * Fix spelling errors found by Lintian
+  * Fix package description, more formal and less personal, thanks Lintian
+
+ -- Joachim Nilsson <[email protected]>  Mon, 29 Jul 2019 10:52:49 +0200
+
 uftpd (2.8) unstable; urgency=medium
 
   * Fix off-by-one regression introduced in v2.5
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/debian/compat new/uftpd-2.9/debian/compat
--- old/uftpd-2.8/debian/compat 2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/debian/compat 2019-07-29 10:53:23.000000000 +0200
@@ -1 +1 @@
-7
+10
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/debian/control new/uftpd-2.9/debian/control
--- old/uftpd-2.8/debian/control        2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/debian/control        2019-07-29 10:53:23.000000000 +0200
@@ -1,10 +1,10 @@
 Source: uftpd
 Section: net
-Priority: extra
+Priority: optional
 Maintainer: Joachim Nilsson <[email protected]>
-Build-Depends: debhelper (>= 7.0.0)
-Standards-Version: 3.9.3
-Homepage: http://troglobit.com/uftpd.html
+Build-Depends: debhelper (>= 10)
+Standards-Version: 4.3.0
+Homepage: https://troglobit.com/uftpd.html
 
 Package: uftpd
 Architecture: any
@@ -12,12 +12,13 @@
 Depends: openbsd-inetd | inet-superserver, debconf (>= 0.2.17), 
${shlibs:Depends}, ${misc:Depends}
 Provides: ftp-server
 Conflicts: ftp-server, tftpd, tftpd-hpa
-Description: The no nonsense TFTP/FTP server.
- An excellent choice for those of us who never wanted to learn every
- config file format on this planet.  uftpd has no configuration, and
- starts automatically from the traditional UNIX inetd super server,
- neatly tcpwrapped for your safety.
+Description: No nonsense TFTP/FTP server
+ uftpd is a very simple TFTP and FTP server intended for small and local
+ LANs.  It works on the Internet, although it is not recommended, and is
+ set up in a read-only configuration by default.  It has no users, no
+ configuration file, and is started on-demand by the UNIX inetd super
+ server, neatly tcpwrapped for your safety.
  .
  Hardcore Internet users and anyone concerned about security should
- probably consider a seperate TFTP server and for FTP look at one of:
+ probably consider a separate TFTP server and for FTP look at one of:
  vsftpd, proftpd or pure-ftpd.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/debian/postinst 
new/uftpd-2.9/debian/postinst
--- old/uftpd-2.8/debian/postinst       2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/debian/postinst       2019-07-29 10:53:23.000000000 +0200
@@ -1,13 +1,12 @@
-#!/bin/sh
-set -e
+#!/bin/sh -e
 
 [ "$1" = "configure" ] || exit 0
 
 # Source debconf library.
 . /usr/share/debconf/confmodule
 
-FTPENTRY="ftp          stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd 
-o writable"
-TFTPENTRY="tftp                dgram   udp     wait    root    /usr/sbin/tcpd  
in.tftpd -o writable"
+FTPENTRY="ftp          stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd"
+TFTPENTRY="tftp                dgram   udp     wait    root    /usr/sbin/tcpd  
in.tftpd"
 
 if [ ! -f /etc/inetd.conf -a -d /etc/xinetd.d -a -x /usr/sbin/xinetd ]; then
        cat <<-TEXT
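Review bot: Putting errexit on the interpreter line as `#!/bin/sh -e` means it is silently lost whenever the script is run as `sh postinst configure`, for example while debugging a failed install. Debian's maintainer-script guidance (and a Lintian check) prefers `#!/bin/sh` followed by `set -e` in the body for that reason. The same change is made in the postrm and prerm hunks of this commit and the same remark applies there.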
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/debian/postrm new/uftpd-2.9/debian/postrm
--- old/uftpd-2.8/debian/postrm 2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/debian/postrm 2019-07-29 10:53:23.000000000 +0200
@@ -1,6 +1,4 @@
-#!/bin/sh
-
-set -e
+#!/bin/sh -e
 
 if [ "$1" = "purge" ]; then
        if command -v update-inetd >/dev/null 2>&1; then
@@ -12,13 +10,10 @@
        # Remove uftpd entries from db
        if [ -f /usr/share/debconf/confmodule ]; then
                . /usr/share/debconf/confmodule
-               db_purge uftpd/ftp
-               db_purge uftpd/tftp
+               db_purge
        fi
 fi
 
-deluser ftp || true
-
-#DEBHELPER#
+deluser --quiet --system ftp
 
 exit 0
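Review bot: `deluser --quiet --system ftp` sits after the `fi` that closes the `purge` branch, so it runs for every postrm action, and with `|| true` removed while `-e` is active a missing `deluser` binary now makes the script fail. The `Depends:` line in debian/control on this page does not list a package that provides it. I would move the call into the purge branch and guard it as the first hunk does for `update-inetd`: `if command -v deluser >/dev/null 2>&1; then deluser --quiet --system ftp; fi`. The hunk also drops the `#DEBHELPER#` token, so debhelper-generated snippets are no longer inserted into this script.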
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/debian/preinst new/uftpd-2.9/debian/preinst
--- old/uftpd-2.8/debian/preinst        2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/debian/preinst        1970-01-01 01:00:00.000000000 +0100
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-set -e
-
-#DEBHELPER#
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/debian/prerm new/uftpd-2.9/debian/prerm
--- old/uftpd-2.8/debian/prerm  2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/debian/prerm  2019-07-29 10:53:23.000000000 +0200
@@ -1,8 +1,4 @@
-#!/bin/sh
-
-set -e
+#!/bin/sh -e
 
 update-inetd --pattern 'in.ftpd' --multi --disable ftp
 update-inetd --pattern 'in.tftpd' --multi --disable tftp
-
-#DEBHELPER#
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/debian/rules new/uftpd-2.9/debian/rules
--- old/uftpd-2.8/debian/rules  2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/debian/rules  2019-07-29 10:53:23.000000000 +0200
@@ -1,45 +1,15 @@
 #!/usr/bin/make -f
-# Simple debian/rules that uses debhelper(7).
-# GNU copyright 1997 by Joey Hess.
-.PHONY: build clean binary-indep binary-arch binary install
+# export DH_VERBOSE=1
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
-build:
-       dh_testdir
-       dh_auto_configure
-       dh_auto_build
+%:
+       dh $@ --with autoreconf,systemd
 
-clean:
-       dh_testdir
-       dh_testroot
-       dh_clean
+override_dh_installchangelogs:
+       dh_installchangelogs ChangeLog.md
 
-install: build
-       dh_testdir
-       dh_testroot
-       dh_prep
-       dh_installdirs
+# Remove LICENSE and ChangeLog.md per Debian Policy
+override_dh_auto_install:
        dh_auto_install
-
-binary-indep: build install
-       dh_installdocs
-       dh_installdebconf
-       dh_installman
-       dh_installchangelogs
-
-binary-arch: build install
-       dh_strip
-       rm -f debian/uftpd/usr/share/doc/uftpd/LICENSE
-       rm -f debian/uftpd/usr/share/doc/uftpd/ChangeLog.md
-       dh_compress
-       dh_fixperms
-       dh_installdebconf
-       dh_installdeb
-       dh_shlibdeps
-       dh_gencontrol
-       dh_md5sums
-       dh_builddeb
-
-source diff:                                                                  
-       @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false
-
-binary: binary-indep binary-arch
+       rm -v debian/uftpd/usr/share/doc/uftpd/LICENSE
+       rm -v debian/uftpd/usr/share/doc/uftpd/ChangeLog.md
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/debian/templates 
new/uftpd-2.9/debian/templates
--- old/uftpd-2.8/debian/templates      2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/debian/templates      2019-07-29 10:53:23.000000000 +0200
@@ -1,10 +1,10 @@
 Template: uftpd/ftp
 Type: boolean
 Default: true
-Description: Enable FTP service
+Description: Enable FTP service?
 
 Template: uftpd/tftp
 Type: boolean
 Default: true
-Description: Enable TFTP service
+Description: Enable TFTP service?
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/man/uftpd.8 new/uftpd-2.9/man/uftpd.8
--- old/uftpd-2.8/man/uftpd.8   2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/man/uftpd.8   2019-07-29 10:53:23.000000000 +0200
@@ -13,9 +13,9 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd Mar 03, 2019
+.Dd Jul 29, 2019
 .Dt UFTPD 8
-.Os "uftpd (2.7)"
+.Os "uftpd (2.9)"
 .Sh NAME
 .Nm uftpd
 .Nd
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/src/.gitignore new/uftpd-2.9/src/.gitignore
--- old/uftpd-2.8/src/.gitignore        1970-01-01 01:00:00.000000000 +0100
+++ new/uftpd-2.9/src/.gitignore        2019-07-29 10:53:23.000000000 +0200
@@ -0,0 +1 @@
+uftpd
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/src/common.c new/uftpd-2.9/src/common.c
--- old/uftpd-2.8/src/common.c  2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/src/common.c  2019-07-29 10:53:23.000000000 +0200
@@ -83,7 +83,7 @@
 
                memset(rpath, 0, sizeof(rpath));
                if (!realpath(ptr, rpath)) {
-                       ERR(errno, "Failed realpath(%s)", ptr);
+                       INFO("Failed realpath(%s): %m", ptr);
                        return NULL;
                }
 
@@ -260,6 +260,15 @@
                if (!fail1 && !fail2)
                        INFO("Successfully dropped privilges to %d:%d 
(uid:gid)", pw->pw_uid, pw->pw_gid);
 
+               /*
+                * Check we don't have write access to the FTP root,
+                * unless explicitly allowed
+                */
+               if (!do_insecure && !access(home, W_OK)) {
+                       ERR(0, "FTP root %s writable, possible security 
violation, aborting session!", home);
+                       goto fail;
+               }
+
                /* On failure, we tried at least.  Only warn once. */
                privs_dropped = 1;
        }
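Review bot: The new `access(home, W_OK)` test runs regardless of `fail1`/`fail2`, and access() evaluates permissions against the real uid/gid, so its result only describes what the session can do if the drop code above this hunk succeeded and changed the real IDs. When the drop failed and the process is still privileged, the root will normally test as writable and the session is aborted with a message that blames directory permissions; with `do_insecure` set the session apparently continues with the original privileges. I would log the failed-drop case on its own and document the dependency, e.g. `/* access() checks real uid/gid: only meaningful once the drop above succeeded */`. The check also covers only the root directory itself, not writable subdirectories below it. The enclosing function starts and ends outside the hunk.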
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/src/ftpcmd.c new/uftpd-2.9/src/ftpcmd.c
--- old/uftpd-2.8/src/ftpcmd.c  2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/src/ftpcmd.c  2019-07-29 10:53:23.000000000 +0200
@@ -398,7 +398,9 @@
         * entry is a file or directory.
         */
        dir = compose_abspath(ctrl, path);
-       if (!dir || stat(dir, &st) || !S_ISDIR(st.st_mode) || strlen(home) > 
strlen(dir)) {
+       if (!dir || stat(dir, &st) || !S_ISDIR(st.st_mode)) {
+               DBG("chrooted:%d, ctrl->cwd: %s, home:%s, dir:%s, len:%zd, 
dirlen:%zd",
+                   chrooted, ctrl->cwd, home, dir, strlen(home), strlen(dir));
                send_msg(ctrl->sd, "550 No such directory.\r\n");
                return;
        }
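Review bot: Removing `strlen(home) > strlen(dir)` leaves no check in this function that `dir` stays under `home`, so confinement of CWD now rests entirely on `compose_abspath()`, which is only partly visible on this page. Once that is confirmed, a short comment stating the assumption would help the next reader, e.g. `/* compose_abspath() guarantees dir is inside home */`. Separately, the added DBG prints `strlen()` results with `%zd`; `size_t` takes `%zu`, so the conversions should read `len:%zu, dirlen:%zu`. The function body begins and ends outside the hunk.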
@@ -918,7 +920,7 @@
                return 1;
        }
 
-       INFO("Data server port estabished.  Waiting for client connnect ...");
+       INFO("Data server port estabished.  Waiting for client to connect ...");
        if (listen(ctrl->data_listen_sd, 1) < 0) {
                ERR(errno, "Client data connection failure");
                send_msg(ctrl->sd, "426 Internal server error.\r\n");
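Review bot: The corrected log string still contains a misspelling, `estabished`, which makes the message harder to find when grepping logs for "established". Since this line is already being touched for spelling, it could read `INFO("Data server port established.  Waiting for client to connect ...");`.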
@@ -1231,13 +1233,14 @@
 
        path = compose_abspath(ctrl, file);
        if (!path) {
-               ERR(errno, "Invalid path for %s", file);
+               INFO("Invalid path for %s: %m", file);
                goto fail;
        }
 
        DBG("Trying to write to %s ...", path);
        fp = fopen(path, "wb");
        if (!fp) {
+               /* If EACCESS client is trying to do something disallowed */
                ERR(errno, "Failed writing %s", path);
        fail:
                send_msg(ctrl->sd, "451 Trouble storing file.\r\n");
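Review bot: The added comment names `EACCESS`, but the errno constant is `EACCES`, so anyone searching the tree for the constant will miss this spot. Suggested wording: `/* EACCES here means the client tried to write where it is not allowed */`. The function body begins and ends outside the hunk.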
@@ -1294,7 +1297,7 @@
 
        path = compose_abspath(ctrl, arg);
        if (!path) {
-               ERR(errno, "Invalid path for %s", arg);
+               INFO("Invalid path for %s: %m", arg);
                goto fail;
        }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/src/uftpd.c new/uftpd-2.9/src/uftpd.c
--- old/uftpd-2.8/src/uftpd.c   2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/src/uftpd.c   2019-07-29 10:53:23.000000000 +0200
@@ -100,7 +100,7 @@
  */
 static void sigquit_cb(uev_t *w, void *arg, int events)
 {
-       INFO("Recieved signal %d, exiting ...", w->signo);
+       INFO("Received signal %d, exiting ...", w->signo);
 
        /* Forward signal to any children in this process group. */
        if (killpg(getpgrp(), SIGTERM))
@@ -139,25 +139,6 @@
        return port;
 }
 
-/*
- * Check that we don't have write access to the FTP root,
- * unless explicitly allowed
- */
-static int security_check(char *home)
-{
-       if (access(home, F_OK)) {
-               ERR(errno, "Cannot access FTP root %s", home);
-               return 1;
-       }
-
-       if (!do_insecure && !access(home, W_OK)) {
-               ERR(0, "FTP root %s writable, possible security violation!", 
home);
-               return 1;
-       }
-
-       return 0;
-}
-
 static int init(uev_ctx_t *ctx)
 {
        /* Figure out FTP/TFTP ports */
@@ -178,8 +159,10 @@
                }
        }
 
-       if (!home || security_check(home))
+       if (!home || access(home, F_OK)) {
+               ERR(errno, "Cannot access FTP root %s", home ? home : "NIL");
                return 1;
+       }
 
        return uev_init(ctx);
 }
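Review bot: When `home` is NULL the `||` short-circuits before `access()` runs, so the `errno` passed to `ERR()` is whatever an earlier call left behind and the log may show an unrelated error text next to `NIL`. Passing zero in that case avoids the misleading message: `ERR(home ? errno : 0, "Cannot access FTP root %s", home ? home : "NIL");`. With `security_check()` removed, a writable root is no longer reported at start-up but only per session by the check added in common.c, which is worth stating in a comment here. `init()` starts above this hunk.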
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/uftpd-2.8/src/uftpd.h new/uftpd-2.9/src/uftpd.h
--- old/uftpd-2.8/src/uftpd.h   2019-05-28 06:22:26.000000000 +0200
+++ new/uftpd-2.9/src/uftpd.h   2019-07-29 10:53:23.000000000 +0200
@@ -97,6 +97,7 @@
 extern int   do_syslog;         /* Bool: False at daemon start      */
 extern int   do_ftp;            /* Port: FTP port, or disabled      */
 extern int   do_tftp;           /* Port: TFTP port, or disabled     */
+extern int   do_insecure;      /* Bool: Allow writable root or not */
 extern struct passwd *pw;       /* FTP user's passwd entry          */
 
 typedef struct tftphdr tftp_t;

