Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 05 Jan 2002 18:38:15 -0500 (EST)
From:      Mike Heffner <mheffner@novacoxmail.com>
To:        Riccardo Torrini <riccardo@torrini.org>
Cc:        freebsd-stable@FreeBSD.ORG, freebsd-current@FreeBSD.ORG
Subject:   RE: ftpd STOR and STOU work the same ?
Message-ID:  <XFMail.20020105183815.mheffner@novacoxmail.com>
In-Reply-To: <XFMail.20020105230608.riccardo@torrini.org>

next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format
--_=XFMail.1.5.2.FreeBSD:20020105183815:186=_
Content-Type: text/plain; charset=us-ascii


On 05-Jan-2002 Riccardo Torrini wrote:
| On 05-Jan-2002 (19:47:53/GMT) Mike Heffner wrote:
| 
|>> I noticed a strange behaviour, sending a file twice create
|>> version even if sunique is off, on all versions I can test.
| 
|> This is intentional...
| 
| This is black magic.  I hate it.  I hope this would be (soon)
| documented _OR_ make configurable.
| ...or at least tell me where I can un-patch myself  ;)

Sure, it can be made configurable. Unfortunately, our current ftpd doesn't
support a config file like lukeftpd, or others, so it would have to be
implemented as a new argument.

The patch is simple, find the following code in ftpd.c, and just remove
the 'guest' in the first conditional.

void
store(name, mode, unique)
        char *name, *mode;
        int unique;
{
        FILE *fout, *din;
        struct stat st;
        int (*closefunc) __P((FILE *));

        if ((unique || guest) && stat(name, &st) == 0 &&
            (name = gunique(name)) == NULL) {
                LOGCMD(*mode == 'w' ? "put" : "append", name);
                return;
        }
        ...

 

| 
| 
|> If you need to upload, and overwrite a file, you might try
|> setting up a restricted user for this purpose, that only
|> has write access to a single directory.
| 
| Why?  Assume I have a very restricted /incoming dir (111) and
| one or two levels or restricted dir under that (.../foo/bar/)
| also with mode=111, and assume that a file named write-me is
| placed in that dir owned by anonimous, mode +w.
| Nothing can imagine files and dir if is unable to list them,
| so only authorized users or automatic robots can read/write
| under that deep path.

True, as long as the filename is not easily guessable, but it's still
security through obsecurity. ;)

| 
| Assume also that I need 2^n (a very large number) different
| users to write on my ftp a sort of report, all the times with
| the same name.  I can't delete/put because dir is not writable.

I don't quite follow this, do you have some other method involved to
move/copy the files to another location before the next user logs in and
overwrites the file?

| 
| Do you think this is a 'too-crazy' request?

No, feel free to submit a patch.


Mike

-- 
  Mike Heffner     <mheffner@[acm.]vt.edu>
  Fredericksburg, VA   <mikeh@FreeBSD.org>


--_=XFMail.1.5.2.FreeBSD:20020105183815:186=_
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8N45mFokZQs3sv5kRAmMVAJ0Vpnk6QpOgMEfCiuL1VblP++OH/QCeMhi/
M+hkhIWB+rCBaKQ4jgzrnKM=
=WHdI
-----END PGP SIGNATURE-----

--_=XFMail.1.5.2.FreeBSD:20020105183815:186=_--
End of MIME message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.20020105183815.mheffner>