Date: Mon, 17 Jul 2006 08:09:13 -1000 From: "David J. Orman" <ormandj@corenode.com> To: Mikhail Teterin <mi+mx@aldan.algebra.com> Cc: isp@freebsd.org, net@freebsd.org Subject: Re: forcing FTP-uploaded files to be of certain types only Message-ID: <c88e9a881918.44bb45a9@corenode.com> In-Reply-To: <200607171358.09943.mi%2Bmx@aldan.algebra.com> References: <200607171306.01882.mi%2Bmx@aldan.algebra.com> <c88eb16f1a0f.44bb4185@corenode.com> <200607171358.09943.mi%2Bmx@aldan.algebra.com>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message ----- From: Mikhail Teterin <mi+mx@aldan.algebra.com> Date: Monday, July 17, 2006 7:58 am Subject: Re: forcing FTP-uploaded files to be of certain types only > I was hoping for some sort of plugin-API for the server... > Determining the > file's type is not really hard -- file(1) does just that. I'm not > looking to > prevent _malicious_ users -- just the ignorant ones. Ok, I see what you're interested in. I don't believe the stock FBSD server has a plugin API. Try something like ProFTPD, if you are comfortable writing a module that accesses external programs. I wouldn't do that myself, too much room for exploits, but you could always use the algorithm from file(1) in your module, as it is BSD licensed. > We don't mind LARGE files -- some of those are legitimate. We just > want them > to be compressed before being uploaded. In fact, checking for this > is even > easier, than the usual byte-sniffing done by file(1) -- just try to > compress > those first 100K. If the result is smaller than 50K, the whole gets > rejected :-) That could lead to many DoS attacks, high load, etc - but as you said you trust the users, I suspect this is not an issue to you. I personally code with security in mind no matter the situation, but you decide what is best for you. :) > No, destruction is not an option :-) Awww, that's my favorite part! ;) > Yeah, and we are doing that now -- kind of. But I would like an > educational > message sent to the uploader instead: "Transfer aborted: please > compress > large files before uploading"... Now that I understand your situation better, I see what you are attempting to do. You'll likely need something like ProFTPD to accomplish what you're asking, I don't believe the stock FTP server has the functionality/modular design necessary. Something you might want to consider - simply compressing all files recieved on the ftp server, regardless of type/previous compression. Since it sounds like you wan't worry about DoSing, malicious users, etc - and I am assuming this is on the internal network only - and also security is not your concern - simply compressing all files wouldn't hurt anything. It'll only gain you a few % on the previously compressed files, but it will take care of the uncompressed files in the process. Re-training users can be quite dificult, CPU hours costs much less than human hours. :) Either way, it sounds like you can accomplish your task. I'd personally write a module with built in file(1) type functionality myself, and not access file(1) as an external program. All of the options above, should work - however. You'll need a different FTP daemon though if you want to write a module. :) Best wishes, David
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c88e9a881918.44bb45a9>