Date: Fri, 11 Oct 2002 14:45:09 -0400
From: Erik Gault
To: Lyndon Nerenberg
Subject: Re: Questionable ISO modes on ftp2
Message-ID: <20021011184509.GC29449@yttrium.gaultopia.org>
In-Reply-To: <200210110047.g9B0laqw008552@orthanc.ab.ca>
Sender: owner-freebsd-hubs@FreeBSD.ORG

mistake. thanks for pointing it out =).

erik

On Thu, Oct 10, 2002 at 06:47:36PM -0600, Lyndon Nerenberg wrote:
> The permissions for the 4.7 i386 ISO images on ftp2 are:
>
> 150 Opening ASCII mode data connection for '/bin/ls'.
> total 5487666
> -rw-rw-r--  1 root   65532  639729664 Oct  9 22:11 4.7-disc1.iso
> -rw-rw-r--  1 65532  65532  666075136 Oct  9 07:17 4.7-disc2.iso
> -rw-rw-r--  1 65532  65532  654835712 Oct  8 10:13 4.7-disc3.iso
> -rw-rw-r--  1 65532  65532  648937472 Oct  8 10:47 4.7-disc4.iso
> -rw-rw-r--  1 root   65532  198672384 Oct  9 23:07 4.7-mini.iso
> -rw-rw-r--  1 root   65532        274 Oct  9 23:19 CHECKSUM.MD5
> 226 Transfer complete.
>
> These look a bit dangerous. While ftpd might be configured read-only,
> the non-root [gu]ids that have write access to the images make me
> nervous. So, this is a gentle nudge to the FTP site admins to take
> a look at the distribution files on your servers and make sure
> the permissions are reasonable (especially in light of the recent
> sendmail distributions compromise).
>
> While trolling through some other servers, ftp9 shows:
>
> -rw-rw-r--  1 ftpuser  ftpusers  639729664 Oct  9 17:11 4.7-disc1.iso
> -rw-rw-r--  1 ftpuser  ftpusers  666075136 Oct  9 02:17 4.7-disc2.iso
> -rw-rw-r--  1 ftpuser  ftpusers  654835712 Oct  8 05:13 4.7-disc3.iso
> -rw-rw-r--  1 ftpuser  ftpusers  648937472 Oct  8 05:47 4.7-disc4.iso
> -rw-rw-r--  1 ftpuser  ftpusers  198672384 Oct  9 18:07 4.7-mini.iso
> -rw-rw-r--  1 ftpuser  ftpusers        274 Oct  9 18:19 CHECKSUM.MD5
> 226 Listing completed.
>
> So maybe the distribution files on ftp-master had mode 664 to begin
> with?
>
> --lyndon
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hubs" in the body of the message
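
An added example, not part of the original thread: one way a mirror admin could apply the check described in the quoted message to a captured `ls -l` style listing, flagging entries writable by anyone other than a trusted owner or group. The trusted owner `root` and trusted group `wheel` are assumed policy values, and the `constructed-ok.iso` line is constructed sample input; the other listing lines are copied from the ftp2 output above.

```python
import re

# First three file entries are copied from the ftp2 listing quoted above;
# the constructed-ok.iso line is a constructed example of an acceptable entry.
LISTING = """\
150 Opening ASCII mode data connection for '/bin/ls'.
total 5487666
-rw-rw-r--  1 root   65532  639729664 Oct  9 22:11 4.7-disc1.iso
-rw-rw-r--  1 65532  65532  666075136 Oct  9 07:17 4.7-disc2.iso
-rw-rw-r--  1 root   65532        274 Oct  9 23:19 CHECKSUM.MD5
-rw-r--r--  1 root   wheel  198672384 Oct  9 23:07 constructed-ok.iso
226 Transfer complete.
"""

LS_LINE = re.compile(
    r"^(?P<type>[-dlbcps])(?P<perms>[-rwxsStT]{9})\s+\d+\s+"
    r"(?P<owner>\S+)\s+(?P<group>\S+)\s+\d+\s+"
    r"\w{3}\s+\d+\s+[\d:]+\s+(?P<name>.+)$"
)

def mode_octal(perms):
    """Convert 'rw-rw-r--' to '664' (setuid/setgid/sticky bits are ignored)."""
    bits = 0
    for ch in perms:
        bits = (bits << 1) | (ch not in "-ST")
    return format(bits, "03o")

# Assumed policy: only root and wheel may hold write access to release files.
def audit_listing(text, trusted_owners=("root",), trusted_groups=("wheel",)):
    """Return (name, octal mode, reasons) for each entry writable by an
    untrusted owner, an untrusted group, or everyone."""
    findings = []
    for line in text.splitlines():
        m = LS_LINE.match(line)
        if not m or m["type"] == "l":  # skip FTP status lines, 'total', symlinks
            continue
        perms, reasons = m["perms"], []
        if perms[1] == "w" and m["owner"] not in trusted_owners:
            reasons.append("writable by untrusted owner " + m["owner"])
        if perms[4] == "w" and m["group"] not in trusted_groups:
            reasons.append("writable by untrusted group " + m["group"])
        if perms[7] == "w":
            reasons.append("world-writable")
        if reasons:
            findings.append((m["name"], mode_octal(perms), reasons))
    return findings

if __name__ == "__main__":
    for name, mode, reasons in audit_listing(LISTING):
        print(f"{name} (mode {mode}): {'; '.join(reasons)}")
```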