Date:      Sat, 3 Nov 2001 05:30:02 -0800 (PST)
From:      Cyrille Lefevre <clefevre@citeweb.net>
To:        freebsd-doc@freebsd.org
Subject:   Re: docs/31720: man ftpd(8) omits potentially crucial security warning
Message-ID:  <200111031330.fA3DU2J05288@freefall.freebsd.org>


The following reply was made to PR docs/31720; it has been noted by GNATS.

From: Cyrille Lefevre <clefevre@citeweb.net>
To: Anatoly Karp <karp@math.wisc.edu>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: docs/31720: man ftpd(8) omits potentially crucial security warning
Date: Sat, 3 Nov 2001 14:22:08 +0100 (CET)

 Anatoly Karp wrote:
 [snip]
 > >Description:
 > Man ftpd(8) suggests giving ~ftp/pub directory the permission
 > bits of 777 without adequately explaining potentially
 > unpleasant security implications of such a step. It is
 > suggested that
 > 
 > 	
 > >How-To-Repeat:
 > $ man ftpd
 > [snip]
 >          ~ftp/pub  Make this directory mode 777 and owned by ``ftp''.
 >                    Guests can then place files which are to be accessible
 >                    via the anonymous account in this directory.
 > [snip]
 > 	
 > >Fix:
 > Change the corresponding paragraph to, say:
 > 
 >         ~ftp/pub  Make this directory mode 700 and owned by ``ftp''.
 >                   Making this directory world-writable will
 >                   open you to a variety of DoS attacks as
 >                   well as being used for warez.
 
 IMHO, you shouldn't use the `DoS attacks' or `warez' terms unless
 you explain them. Not everybody knows what a `DoS attack' or
 `warez' is.
 
 Cyrille.
 -- 
 Cyrille Lefevre                 mailto:clefevre@citeweb.net
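
Added example, not part of the original message or of ftpd: a shell check for the permission question this PR raises. It lists directories under an anonymous-FTP root that are world-writable (the mode 777 case) or that are owned by the anonymous account with the owner-write bit set. The function name audit_ftp_dirs and the default account name ftp are assumptions.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP tree for directories that an
# anonymous session could write to.
#
# Usage: audit_ftp_dirs ROOT [FTP_USER]
#   ROOT      top of the anonymous area (e.g. the home directory of ftp)
#   FTP_USER  account anonymous sessions run as (assumed default: ftp);
#             a numeric uid is accepted as well
#
# Prints one finding per line; returns 0 when clean, 1 when anything is found.

audit_ftp_dirs() {
    root=$1
    ftp_user=${2:-ftp}

    findings=$(
        # Case 1: the "other" write bit (0002) is set, as with mode 777.
        # Any local or anonymous user can create files here.
        find "$root" -type d -perm -0002 -print |
            sed 's/^/world-writable: /'

        # Case 2: not world-writable, but owned by the anonymous account
        # with the owner-write bit (0200) set. An anonymous session runs
        # with that account's uid, so it can still write here.
        find "$root" -type d ! -perm -0002 -user "$ftp_user" -perm -0200 -print |
            sed 's/^/owner-writable-by-ftp: /'
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

A directory reported under either heading can be used for uploads by anonymous users; whether that is intended is a policy decision for the site.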
