From owner-freebsd-audit  Tue Aug 28  5:28: 4 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7595F37B403; Tue, 28 Aug 2001 05:28:00 -0700 (PDT)
	(envelope-from sheldonh@starjuice.net)
Received: from sheldonh (helo=axl.seasidesoftware.co.za)
	by axl.seasidesoftware.co.za with local-esmtp (Exim 3.33 #1)
	id 15bhzu-000DAt-00; Tue, 28 Aug 2001 14:29:38 +0200
From: Sheldon Hearn <sheldonh@starjuice.net>
To: Nik Clayton <nik@FreeBSD.org>
Cc: audit@FreeBSD.org
Subject: Re: cvs commit: src/libexec/ftpd ftpcmd.y ftpd.8 ftpd.c 
In-reply-to: Your message of "Tue, 28 Aug 2001 04:59:21 MST."
             <200108281159.f7SBxLW31831@freefall.freebsd.org> 
Date: Tue, 28 Aug 2001 14:29:38 +0200
Message-ID: <50646.999001778@axl.seasidesoftware.co.za>
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-audit.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-audit>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-audit>
X-Loop: FreeBSD.ORG



On Tue, 28 Aug 2001 04:59:21 MST, Nik Clayton wrote:

>   Modified files:
>     libexec/ftpd         ftpcmd.y ftpd.8 ftpd.c 
>   Log:
>   Add a new option, '-o', for "Write-only".  Disables the RETR command,
>   preventing anyone from downloading files.  In conjunction with -A, and some
>   appropriate file permissions, this lets you create an anonymous FTP drop
>   box for people to upload files to.

I plan to change this such that the impact of the -o flag only applies
to guest (anonymous) users.  I believe that this change will make the
option more useful, because

1) Non-guest users can be influenced on an individual basis, i.e. you
   can close a single user's account.  The guest users, on the other
   hand, are to be feared with respect to abuse by warez monkeys.  Since
   guest users pose the "unstoppable threat", they're really the ones to
   whom this option should apply in the absence of a more configurable
   ftpd.

2) The proposed change will allow me to protect myself against warez
   monkeys abusing my anonymous upload directory while still allowing
   non-guest useres with real accounts to retrieve files as expected,
   without having to run a second instance of ftpd on a non-standard
   port.

Ciao,
Sheldon.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message