From owner-freebsd-questions Fri Jan 26 15:32:45 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from nisser.com (c0039.upc-c.chello.nl [212.187.0.39])
    by hub.freebsd.org (Postfix) with ESMTP id 2FA5A37B401
    for <questions@FreeBSD.ORG>; Fri, 26 Jan 2001 15:32:25 -0800 (PST)
Received: from nisser.com (roelof [10.0.0.2])
    by nisser.com (8.9.3/8.9.2) with ESMTP id AAA25545;
    Sat, 27 Jan 2001 00:32:13 +0100 (CET)
    (envelope-from roelof@nisser.com)
Message-ID: <3A7208FD.B9C877F4@nisser.com>
Date: Sat, 27 Jan 2001 00:32:13 +0100
From: Roelof Osinga <roelof@nisser.com>
Organization: Nisser - Nr. 1 in Veiligheid
X-Mailer: Mozilla 4.72 [en] (Windows NT 5.0; U)
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: Tim McMillen <timcm@umich.edu>, Mike Meyer <mwm@mired.org>,
    "Albert D. Cahalan" <acahalan@cs.uml.edu>, questions@FreeBSD.ORG
Subject: incoming perms [was Re: OT: non-Unix ...]
References: <14957.31196.939559.889627@guru.mired.org>
    <14959.23870.728403.859934@guru.mired.org>
    <3A6F61DC.39E9CF0D@nisser.com>
    <01012419080209.24525@tim.elnsng1.mi.home.com>
    <3A71F92A.4F0CEA07@nisser.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Roelof Osinga wrote:
>
> Yes. With hindsight - and I got good hindsight! lots of practice -
> ...
> Now. What to do with all that egg on my face? Anybody fancy
> eggnog? <g,d&(keeping)r>

Well, looking back :), it wasn't so bad after all. More egg, more
eggnog, ... PARTY!! ;)

The reason I thought it so bad was in part that, somehow, I'd left
my (anonymous) FTP ./incoming directory writeable, on the major
/home partition and unchecked to boot. Result was that the /home
partition filled up for the second consecutive day. Thereby causing
procmail to deliver my mail into the regular mail file, thus greatly
enhancing the impression there was a runaway thread. Caused by
yours truly, no less.

Now the question would be was there any great hole in the ftpd
daemon of late? uname -a gives:

    FreeBSD nisser.com 3.4-STABLE FreeBSD 3.4-STABLE #16: Sun Feb 13 14:51:41 CET 2000
    toor@nisser.com:/usr/src/sys/compile/FORSETI i386

I know, I know, I should've upgraded long ago, as well as ...

Also, I checked various sources including Greg's Tome but could not
find a 'definitive' answer - probably because there is none - to the
question of whether or not 'drwxrwxrwt' looks like permissions *I* -
in contrast to some cracker - could've or would've given an incoming
directory? I think it's reasonable to guess I could've and would've
set the keep bit. Would a cracker take the trouble?

I haven't noticed anything but for the filling up of those last and
final 1 gig remaining, thereby causing above-mentioned weird mail
behavior. Couldn't find anything amiss either. Except for an email
someone posted in said incoming directory, for Pete's sake!

Granted, being hacked/cracked would provide enough eggnog to throw
one humongous party. But even so, could it have been done using the
3.4 ftpd in a chrooted setting? Does it sound like it has indeed
been done?

I do remember tinkering with it. Had to have the facility once for
communication with clients. Furthermore, I sure would not put it
past me to have forgotten all about it. Including closing, let alone
locking, the darned door!

Still, I am wondering. Mightily.

Roelof

PS it *is* a question, maybe it ought've been put to -security. Then
again, I'd forgotten I was subscribed to that one. Found 8,002 mails
in a ~26 MB or so mailbox. Brrr.

-- 
Home is where the (@) http://eboa.com/ is.
Nisser home -- http://nl.nisser.com/