From owner-freebsd-isp  Wed Jun 10 06:54:40 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA03874
          for freebsd-isp-outgoing; Wed, 10 Jun 1998 06:54:40 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from thorin.hway.ru (thorin.hway.ru [195.170.38.130])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA03850
          for <isp@FreeBSD.ORG>; Wed, 10 Jun 1998 06:54:30 -0700 (PDT)
          (envelope-from flash@intech.hway.ru)
Received: from balin.intech.hway.ru (balin.intech.hway.ru [192.168.1.25])
	by thorin.hway.ru (8.8.8/8.8.8) with ESMTP id RAA29736;
	Wed, 10 Jun 1998 17:53:38 +0400 (MSD)
Received: from localhost (flash@localhost)
	by balin.intech.hway.ru (8.8.8/8.8.8) with SMTP id RAA05339;
	Wed, 10 Jun 1998 17:53:38 +0400 (MSD)
Date: Wed, 10 Jun 1998 17:53:38 +0400 (MSD)
From: "Alexander V. Tischenko" <flash@intech.hway.ru>
To: Karl Pielorz <kpielorz@tdx.co.uk>
cc: isp@FreeBSD.ORG
Subject: Re: wu-ftpd problems?
In-Reply-To: <357E881C.8061DFA6@tdx.co.uk>
Message-ID: <Pine.BSI.3.96.SK.980610175239.4352A-100000@balin.intech.hway.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I see no problems here, as soon as directory is writable by wwwadmin
everything is in line with standard Unix protections.

On Wed, 10 Jun 1998, Karl Pielorz wrote:

> I'm running wu-ftpd from the ports collection on a 2.2.2 box... (wu-ftpd
> version 'wu-2.4.2-academ[BETA-13](1)'.
> 
> I've just noticed that the following file:
> 
> -rw-r--r--	root	bin	index.html
> 
> Can be renamed by someone logging into the ftp server as 'wwwadmin' (group
> wwwadmin) - and doing a rename from CuteFTP - they can rename the file to
> something like:
> 
> -rw-r--r--	root	bin	youstink.html
> 
> The directory the file is in is:
> 
> -rwxr-xr-x	wwwadmin	bin
> 
> Am I doing something funny - is there something I've missed - or is it more
> likely to be a misconfigured wu-ftpd?
> 
> We've also been looking at switching back to the regular (i.e. ships with
> FreeBSD ftpd) - as it will support nice things like internal 'ls' etc...
> Anyone got any comments on this?
> 
> Regards,
> 
> Karl Pielorz
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
> 

Alexander V. Tischenko
------------------------------------------------------------------------------
Integrated Network Technologies                 | Tel: +7 095 978-47-37
7, Miusskaya sq., Moscow, 125047 Russia         | Fax: +7 095 978-47-37
Internet: flash@hway.ru                         | NIC: AT55-RIPE


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message