From owner-freebsd-hackers Sat Jan 19 13:23:48 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from cube.gelatinous.com (cube.gelatinous.com [207.82.194.150]) by hub.freebsd.org (Postfix) with SMTP id E87B737B400 for ; Sat, 19 Jan 2002 13:23:45 -0800 (PST) Received: (qmail 91089 invoked by uid 1000); 19 Jan 2002 21:23:45 -0000 Date: Sat, 19 Jan 2002 13:23:45 -0800 From: Aaron Smith To: Julian Elischer Cc: Aaron Smith , freebsd-hackers@freebsd.org Subject: Re: ftpd patch that saves me a lot of hassle Message-ID: <20020119132345.G909@gelatinous.com> References: <20020119122812.E909@gelatinous.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from julian@elischer.org on Sat, Jan 19, 2002 at 12:46:03PM -0800 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, Jan 19, 2002 at 12:46:03PM -0800, Julian Elischer wrote: > if you make your incoming Write-only then they will hav elottle point in > puting stuff there.. It is already write-only, but I still get lots of directory trees created and populated with files they cannot read. > We do this, in several places, and have a script move the incoming stuff > elsewhere at regular intervals too. > > (not that I disagree with your patch but I often mode 'dot files' > e.g. .cshrc, or even CVS "#" files This patch only deals with directories, but I definitely see your point. > On Sat, 19 Jan 2002, Aaron Smith wrote: > > > I got sick of (presumably) warez people probing my anonymous ftp site and > > dropping all kinds of hard-to-delete trash in incoming, so I patched my > > ftpd to only allow directories to start with alphanumerics. There's > > probably a better solution, but this works for me so I figure'd I'd share. > > > > Combining this with a umask that doesn't allow reading uploaded files keeps > > things reasonably well in hand. > > > > --Aaron > > > > > > Index: ftpd.c > > =================================================================== > > RCS file: /usr/cvs/src/libexec/ftpd/ftpd.c,v > > retrieving revision 1.62.2.15 > > diff -u -r1.62.2.15 ftpd.c > > --- ftpd.c 2001/12/18 18:35:55 1.62.2.15 > > +++ ftpd.c 2002/01/19 09:47:42 > > @@ -2216,6 +2216,12 @@ > > { > > > > LOGCMD("mkdir", name); > > + > > + if (!isalnum(*name)) { > > + reply(521, "Bite me."); > > + return; > > + } > > + > > if (mkdir(name, 0777) < 0) > > perror_reply(550, name); > > else > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-hackers" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message