Date: Wed, 14 Sep 2016 08:58:07 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-security@freebsd.org Subject: Re: ftpd leaks info which might be useful to an attacker Message-ID: <1333775a-3398-ab93-66fe-6c381eb5c428@FreeBSD.org> In-Reply-To: <68595.1473800829@segfault.tristatelogic.com> References: <68595.1473800829@segfault.tristatelogic.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --M7Uo75exWSvLre1MGgerLt5kOAKaG8T1n Content-Type: multipart/mixed; boundary="Q3aVhxrtXrQnPRMFL5bhAjXMvFBU5bNQR"; protected-headers="v1" From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-security@freebsd.org Message-ID: <1333775a-3398-ab93-66fe-6c381eb5c428@FreeBSD.org> Subject: Re: ftpd leaks info which might be useful to an attacker References: <68595.1473800829@segfault.tristatelogic.com> In-Reply-To: <68595.1473800829@segfault.tristatelogic.com> --Q3aVhxrtXrQnPRMFL5bhAjXMvFBU5bNQR Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 13/09/2016 22:07, Ronald F. Guilmette wrote: > One set of such decisions has to do with the following files: >=20 > ~ftp/etc/group > ~ftp/etc/pwd.db >=20 > Thinking about how the contents of these files affects the behavior of > the ftp DIR command caused me to realize that I actually would prefer > it if there were some some option available for ftpd which would cause > it to display only something like ---- where it currently attempts to > print either a user ID name or number or a group ID name or number. Why is this a problem, given that all the user and group IDs your ftpd will display come from the private files in your chroot? You can make the ownership of the files under ~ftp anything you want, and you can make them appear as anything you want. In practice I'd make everything owned by root:wheel, unless you want to support uploading, in which case *only* the area files can be uploaded to should be made owned by ftpd and writable by that UID. Some sort of cron job running chown and chmod recursively over that collection to enforce this would be a good idea. > I should perhaps mention that I'm using the -A option to ftpd, and that= > thus, pretty much any Tom, dick, and harry on the whole Internet will > be able to log in (as anonymous) to my FTP server and then scrounge > around for intersting stuff. I would kind of prefer if the stuff that > any such party could find would _not_ include actual user or group IDs,= > or even numeric UIDs/GIDs. Basically don't mix anonymous access with password authenticated access. Also, don't use password access with *plaintext* protocols like FTP. About the only useful way to use FTP any more is for anonymous read-only access to download stuff from an archive -- and in that use case, a web server is generally a much better choice. FTP as a protocol is archaic and needs to die. Cheers, Matthew --Q3aVhxrtXrQnPRMFL5bhAjXMvFBU5bNQR-- --M7Uo75exWSvLre1MGgerLt5kOAKaG8T1n Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJX2QMVXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkAT3DgP/joaPF8Iv3qxfdNdqGTpQ+qt 21oa/5ajfcDQAPKtIzD8wUS/xisTy8TM5Xh1ydoqF2FW/x4WGcfU3rPrnwIkjVwj dZy3vUoXOTIuRC7+n6wAI/xFbp4FB/fhEkNJDBbl1aT0nokGry9sMSe0mfgEbym9 9v7JjBIrAJnxtIPe7mD28P2AQa94uHMS/QID8XiK/VxnH6ySNjP9bOiTQXtFzr31 JY3sYrIamEelS623rtFoyA5BbVezxw48pz+vCufx4VV3TkT5eW+7nXkIAEzKGoNj BCUyWy8U5qzIVuXF5tFqdWOsl+8KGyUkwP9VKneoMXtB7gUrOB6+mHcbbec8Jm3K SY8dE0P4w9l4zqIi/SI52fUp+D7CF9hbV1heHvl15bsVlRI/eJY7akpGCcQXYgL7 AXA0WfDB4bgCZA+V/QCNQVenCE3CxKW+usnCBo1/0ZoLOHJo74UW5RqDyHguW8f0 VivAa83vORjXMKWkBUBS1tmoD3u7a+o5jwM0iCGLC4fTqgxT5BGNiJ/FGS69fYjt aGyJZ347pr8hI3bOokKKHTMKhGTAeXwzg30GfbWbHcAplDTpd4LcT5SRhIBTxjWr P5hjdJE4jl0bjVv2yGnM/9ek+OFtnhKQE+Z8WWsabaxRuX+NPXegZaut16X5BTNC 7ODpByT0taPTbbwBgPrS =RtHo -----END PGP SIGNATURE----- --M7Uo75exWSvLre1MGgerLt5kOAKaG8T1n--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1333775a-3398-ab93-66fe-6c381eb5c428>