# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
-@@ -103,12 +125,20 @@ connect_from_port_20=YES
+@@ -103,12 +123,22 @@ connect_from_port_20=YES
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
+# This option specifies the location of the RSA certificate to use for SSL
+# encrypted connections.
+rsa_cert_file=/etc/ssl/private/vsftpd.pem
++#
++local_root=/
diff -Naurp vsftpd.orig/vsftpd.conf.5 vsftpd/vsftpd.conf.5
--- vsftpd.orig/vsftpd.conf.5 2009-11-06 08:41:11.000000000 +0100
+++ vsftpd/vsftpd.conf.5 2009-11-06 13:37:10.000000000 +0100
+++ /dev/null
-# Opendreambox /etc/vsftpd.conf
-#
-# Please see vsftpd.conf.5 for all compiled in defaults.
-#
-# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
-# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
-# capabilities.
-#
-# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
-anonymous_enable=NO
-#
-# Uncomment this to allow local users to log in.
-local_enable=YES
-#
-# Uncomment this to enable any form of FTP write command.
-write_enable=YES
-#
-# Default umask for local users is 077. You may wish to change this to 022,
-# if your users expect that (022 is used by most other ftpd's)
-#local_umask=022
-#
-# Uncomment this to allow the anonymous FTP user to upload files. This only
-# has an effect if the above global write enable is activated. Also, you will
-# obviously need to create a directory writable by the FTP user.
-#anon_upload_enable=YES
-#
-# Uncomment this if you want the anonymous FTP user to be able to create
-# new directories.
-#anon_mkdir_write_enable=YES
-#
-# Activate directory messages - messages given to remote users when they
-# go into a certain directory.
-dirmessage_enable=YES
-#
-# Activate logging of uploads/downloads.
-#xferlog_enable=YES
-#
-# Make sure PORT transfer connections originate from port 20 (ftp-data).
-connect_from_port_20=YES
-#
-# If you want, you can arrange for uploaded anonymous files to be owned by
-# a different user. Note! Using "root" for uploaded files is not
-# recommended!
-#chown_uploads=YES
-#chown_username=whoever
-#
-# You may override where the log file goes if you like. The default is shown
-# below.
-#xferlog_file=/var/log/vsftpd.log
-#
-# If you want, you can have your log file in standard ftpd xferlog format
-#xferlog_std_format=YES
-#
-# You may change the default value for timing out an idle session.
-#idle_session_timeout=600
-#
-# You may change the default value for timing out a data connection.
-#data_connection_timeout=120
-#
-# It is recommended that you define on your system a unique user which the
-# ftp server can use as a totally isolated and unprivileged user.
-#nopriv_user=ftpsecure
-#
-# Enable this and the server will recognise asynchronous ABOR requests. Not
-# recommended for security (the code is non-trivial). Not enabling it,
-# however, may confuse older FTP clients.
-async_abor_enable=YES
-#
-# By default the server will pretend to allow ASCII mode but in fact ignore
-# the request. Turn on the below options to have the server actually do ASCII
-# mangling on files when in ASCII mode.
-# Beware that turning on ascii_download_enable enables malicious remote parties
-# to consume your I/O resources, by issuing the command "SIZE /big/file" in
-# ASCII mode.
-# These ASCII options are split into upload and download because you may wish
-# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
-# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
-# on the client anyway..
-#ascii_upload_enable=YES
-#ascii_download_enable=YES
-#
-# You may fully customise the login banner string:
-ftpd_banner=Welcome to the OpenDreambox FTP service.
-#
-# You may specify a file of disallowed anonymous e-mail addresses. Apparently
-# useful for combatting certain DoS attacks.
-#deny_email_enable=YES
-# (default follows)
-#banned_email_file=/etc/vsftpd.banned_emails
-#
-# You may specify an explicit list of local users to chroot() to their home
-# directory. If chroot_local_user is YES, then this list becomes a list of
-# users to NOT chroot().
-#chroot_list_enable=YES
-# (default follows)
-#chroot_list_file=/etc/vsftpd.chroot_list
-#
-# You may activate the "-R" option to the builtin ls. This is disabled by
-# default to avoid remote users being able to cause excessive I/O on large
-# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
-# the presence of the "-R" option, so there is a strong case for enabling it.
-ls_recurse_enable=YES
-#
-secure_chroot_dir=/dev/shm
-local_root=/
--- /dev/null
+diff --git a/mkfs.ubifs/mkfs.ubifs.c b/mkfs.ubifs/mkfs.ubifs.c
+index f77e5e6..e002be5 100644
+--- a/mkfs.ubifs/mkfs.ubifs.c
++++ b/mkfs.ubifs/mkfs.ubifs.c
+@@ -324,6 +324,22 @@ static int in_path(const char *dir_name, const char *file_name)
+ return ret;
+ }
+
++/*
++ * same_device - determine if a file is on the same blockdevice as a directory.
++ * @dir_name: directory path name
++ * @file_name: file path name
++ */
++static int same_device(const char *dir_name, const char *file_name)
++{
++ struct stat stat1, stat2;
++
++ if (stat(dir_name, &stat1) == -1)
++ return -1;
++ if (stat(file_name, &stat2) == -1)
++ return -1;
++ return stat1.st_dev == stat2.st_dev;
++}
++
+ /**
+ * calc_min_log_lebs - calculate the minimum number of log LEBs needed.
+ * @max_bud_bytes: journal size (buds only)
+@@ -376,7 +392,7 @@ static int validate_options(void)
+
+ if (!output)
+ return err_msg("no output file or UBI volume specified");
+- if (root && in_path(root, output))
++ if (root && same_device(root, output) && in_path(root, output))
+ return err_msg("output file cannot be in the UBIFS root "
+ "directory");
+ if (!is_power_of_2(c->min_io_size))