Date:      Sat, 19 Jan 2002 13:23:45 -0800
From:      Aaron Smith <aaron-fbsd@mutex.org>
To:        Julian Elischer <julian@elischer.org>
Cc:        Aaron Smith <aaron-fbsd@mutex.org>, freebsd-hackers@freebsd.org
Subject:   Re: ftpd patch that saves me a lot of hassle
Message-ID:  <20020119132345.G909@gelatinous.com>
In-Reply-To: <Pine.BSF.4.21.0201191243580.2065-100000@InterJet.elischer.org>; from julian@elischer.org on Sat, Jan 19, 2002 at 12:46:03PM -0800
References:  <20020119122812.E909@gelatinous.com> <Pine.BSF.4.21.0201191243580.2065-100000@InterJet.elischer.org>

On Sat, Jan 19, 2002 at 12:46:03PM -0800, Julian Elischer wrote:
> if you make your incoming Write-only then they will have little point in
> putting stuff there..

It is already write-only, but I still get lots of directory trees created
and populated with files they cannot read.

> We do this, in several places, and have a script move the incoming stuff
> elsewhere at regular intervals too.
> 
> (not that I disagree with your patch but I often mode 'dot files'
> e.g. .cshrc, or even CVS "#" files

This patch only deals with directories, but I definitely see your point.

> On Sat, 19 Jan 2002, Aaron Smith wrote:
> 
> > I got sick of (presumably) warez people probing my anonymous ftp site and
> > dropping all kinds of hard-to-delete trash in incoming, so I patched my
> > ftpd to only allow directories to start with alphanumerics. There's
> > probably a better solution, but this works for me so I figured I'd share.
> > 
> > Combining this with a umask that doesn't allow reading uploaded files keeps
> > things reasonably well in hand.
> > 
> > --Aaron
> > 
> > 
> > Index: ftpd.c
> > ===================================================================
> > RCS file: /usr/cvs/src/libexec/ftpd/ftpd.c,v
> > retrieving revision 1.62.2.15
> > diff -u -r1.62.2.15 ftpd.c
> > --- ftpd.c	2001/12/18 18:35:55	1.62.2.15
> > +++ ftpd.c	2002/01/19 09:47:42
> > @@ -2216,6 +2216,12 @@
> >  {
> >  
> >  	LOGCMD("mkdir", name);
> > +
> > +	if (!isalnum(*name)) {
> > +		reply(521, "Bite me.");
> > +		return;
> > +	}
> > +
> >  	if (mkdir(name, 0777) < 0)
> >  		perror_reply(550, name);
> >  	else
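
Review bot: the added `if (!isalnum(*name))` test inspects only the first byte of the whole path argument, not the name of the directory being created, so a path whose first component is alphanumeric but whose final component starts with a dot, space or other non-alphanumeric still reaches `mkdir(name, 0777)`, while an absolute path beginning with `/` is refused outright. Consider applying the test to the character after the last `/` in `name` (falling back to `name` itself when there is none). The argument should also be cast, as in `isalnum((unsigned char)*name)`, because `*name` is a plain `char` and passing a negative value to the ctype functions is undefined. The `reply(521, "Bite me.")` text would be more useful to legitimate clients if it said why the name was refused.
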
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-hackers" in the body of the message
> > 