Date: Sat, 7 Feb 2004 06:54:30 -0800 (PST) From: Yar Tikhiy <yar@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/libexec/ftpd ftpd.c Message-ID: <200402071454.i17EsUvF007018@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
yar 2004/02/07 06:54:30 PST
FreeBSD src repository
Modified files:
libexec/ftpd ftpd.c
Log:
Deny attempts to rename a file from guest users if the policy
says they may not modify existing files through FTP.
Renaming a file is effectively a way to modify it.
For instance, if a malicious party is unable to delete or overwrite
a sensitive file, they can nevertheless rename it to a hidden name
and then upload a troyan horse under the guise of the old file name.
Revision Changes Path
1.152 +4 -0 src/libexec/ftpd/ftpd.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200402071454.i17EsUvF007018>