From owner-freebsd-security Thu Jan 4 7:32:43 2001 From owner-freebsd-security@FreeBSD.ORG Thu Jan 4 07:32:40 2001 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 28BBE37B402 for ; Thu, 4 Jan 2001 07:32:40 -0800 (PST) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id KAA59487; Thu, 4 Jan 2001 10:32:36 -0500 (EST) (envelope-from wollman) Date: Thu, 4 Jan 2001 10:32:36 -0500 (EST) From: Garrett Wollman Message-Id: <200101041532.KAA59487@khavrinen.lcs.mit.edu> To: "Portwood, Jason" Cc: "'freebsd-security@FreeBSD.ORG'" Subject: ftpd and anonymous setup In-Reply-To: <6381A6A8826BD31199500090279CAFBA24F41A@exchange.strategicit.net> References: <6381A6A8826BD31199500090279CAFBA24F41A@exchange.strategicit.net> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > I chose 773 to allow someone to be assigned to the group to control the > contents of that > directory. > That will allow files to be uploaded and not be viewable. Doesn't help -- the WaReZ d00dz are perfectly capable of telling their 31337 co-conspirators the name under which they have uploaded the file. The only solution is an ftpd configuration option (like in wuftpd) which creates files under a different user id and a mode which is not readable by the kiddies. A useful addition to ftpd would be an option to disable all operations which would modify the filesystem. -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message