Date:      Tue, 09 Dec 1997 08:26:49 +0200
From:      Sheldon Hearn <axl@iafrica.com>
To:        freebsd-ports@freebsd.org
Subject:   Re: Possible problem with ftpd 6.00 
Message-ID:  <18850.881648809@axl.iafrica.com>
In-Reply-To: Your message of "Fri, 05 Dec 1997 22:50:13 +0100." <13962.881358613@verdi.nethelp.no>

I've made a port for Marcus Ranum's aftpd following a thread that took
place in -security over recent days. An extract from that thread is
included at the end.

I have three questions. I'll call them [A], [B] and [C] to allow for
zero-quoted reply. ;-)

[A] Ownership

It currently installs aftpd into ${PREFIX}/libexec owned by bin:bin.
The ownership doesn't seem to matter much because:

1) it's called from inetd and run as root

2) it needs root privilege to chroot into /home/ftp

3) it does set{gu}id to ftp:operator as soon as the chroot is done

Should I be pedantic and install with different ownership?

[B] Compiled defaults

As per mjr's recommendation in the README file, I've hardcoded the
desired ftp chroot dir into the binary. It can still be overridden using
command line options (mjr's concerns about passing arguments from inetd
don't apply to FreeBSD's inetd).

Is /home/ftp a religiously sound default?

Also, is it acceptable for me to use UID 14 and GID 5 for ftp:operator
or should I be getting a script to dig those numbers out of /etc/* at
the configure stage?

[C] Source patch review

A small change to the source was required for building on 2.2-RELENG
(untested on -CURRENT).  From my understanding of the philosophy behind
C, I've done the right thing, but I have no programming experience to
validate my whim.

What is the best way for me to have the change I've made to the source
code reviewed prior to port submission?

Thanks for your time,
Sheldon.


First cschuber@uumail.gov.bc.ca said this:

| You have stumbled across arguably (IMHO) the best anonymous FTP server
| out there.  Netscape sends USER and PASS commands, regardless of the
| prompt.  If you want to run a read-only anonymous FTP server, this is
| the one to use.  Because anonftp doesn't handle "regular" FTP, you
| would need to put your "regular" FTP server on another port.
|
| The reason anonftpd is so good is that it does only one thing:
| Anonymous FTP, that's it.  Maybe there should be a port for it (and
| some other of Daniel Bernstein's work such as Qmail).  Then people who
| want to run a secure anonymous FTP server can.

Then sthaug@nethelp.no replied thusly:

| Personally, I prefer Marcus Ranum's hacked ftpd, aftpd. With the
| default compilation flags, only anonymous service is provided. It
| needs a regular bin/ls, but that's all. The listing format is more
| standard than anonftpd.
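
The sequence listed under [A] (started as root from inetd, chroot into /home/ftp, then set{gu}id to ftp:operator) is sketched below as an added example; it is not part of the original message and not aftpd's own code. The function name chroot_and_drop and the return codes are hypothetical; the path and the 14:5 IDs are the ones the message mentions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE  /* exposes chroot()/setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Values taken from the message: chroot dir /home/ftp, ftp:operator = 14:5. */
#define FTP_ROOT "/home/ftp"
#define FTP_UID  ((uid_t)14)
#define FTP_GID  ((gid_t)5)

enum { DROP_OK = 0, DROP_BAD_ID = -1, DROP_CHROOT = -2, DROP_IDS = -3, DROP_REVERSIBLE = -4 };

/* Hypothetical helper: confine the process to `root`, then permanently
 * become uid:gid. Must be called while still root (as when run from inetd). */
int chroot_and_drop(const char *root, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return DROP_BAD_ID;          /* "dropping" to root drops nothing */

    /* chdir before chroot so the working directory is inside the new
     * root; a cwd left outside it undermines the confinement. */
    if (chdir(root) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return DROP_CHROOT;

    /* Order matters: supplementary groups, then gid, then uid. Once
     * setuid() succeeds the process may no longer change its groups. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return DROP_IDS;

    /* Verify the drop is permanent: regaining root must now fail. */
    if (setuid(0) == 0 || seteuid(0) == 0 || getuid() != uid || getgid() != gid)
        return DROP_REVERSIBLE;
    return DROP_OK;
}

int main(void)
{
    int rc = chroot_and_drop(FTP_ROOT, FTP_UID, FTP_GID);
    if (rc != DROP_OK) {
        fprintf(stderr, "privilege drop failed (code %d)\n", rc);
        return 1;
    }
    return 0;  /* from here on: ftp:operator inside the chroot */
}
```

Every call is checked and the drop is verified afterwards, so a failure at any step stops the daemon instead of leaving it serving requests as root.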



