Date: Wed, 10 Jun 1998 17:53:38 +0400 (MSD) From: "Alexander V. Tischenko" <flash@intech.hway.ru> To: Karl Pielorz <kpielorz@tdx.co.uk> Cc: isp@FreeBSD.ORG Subject: Re: wu-ftpd problems? Message-ID: <Pine.BSI.3.96.SK.980610175239.4352A-100000@balin.intech.hway.ru> In-Reply-To: <357E881C.8061DFA6@tdx.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
I see no problems here, as soon as directory is writable by wwwadmin everything is in line with standard Unix protections. On Wed, 10 Jun 1998, Karl Pielorz wrote: > I'm running wu-ftpd from the ports collection on a 2.2.2 box... (wu-ftpd > version 'wu-2.4.2-academ[BETA-13](1)'. > > I've just noticed that the following file: > > -rw-r--r-- root bin index.html > > Can be renamed by someone logging into the ftp server as 'wwwadmin' (group > wwwadmin) - and doing a rename from CuteFTP - they can rename the file to > something like: > > -rw-r--r-- root bin youstink.html > > The directory the file is in is: > > -rwxr-xr-x wwwadmin bin > > Am I doing something funny - is there something I've missed - or is it more > likely to be a misconfigured wu-ftpd? > > We've also been looking at switching back to the regular (i.e. ships with > FreeBSD ftpd) - as it will support nice things like internal 'ls' etc... > Anyone got any comments on this? > > Regards, > > Karl Pielorz > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > Alexander V. Tischenko ------------------------------------------------------------------------------ Integrated Network Technologies | Tel: +7 095 978-47-37 7, Miusskaya sq., Moscow, 125047 Russia | Fax: +7 095 978-47-37 Internet: flash@hway.ru | NIC: AT55-RIPE To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.96.SK.980610175239.4352A-100000>