From owner-freebsd-doc Sat Nov 3 5:30: 6 2001
Date: Sat, 3 Nov 2001 05:30:02 -0800 (PST)
Message-Id: <200111031330.fA3DU2J05288@freefall.freebsd.org>
To: freebsd-doc@freebsd.org
From: Cyrille Lefevre
Subject: Re: docs/31720: man ftpd(8) omits potentially crucial security warning
Reply-To: Cyrille Lefevre

The following reply was made to PR docs/31720; it has been noted by GNATS.

From: Cyrille Lefevre
To: Anatoly Karp
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: docs/31720: man ftpd(8) omits potentially crucial security warning
Date: Sat, 3 Nov 2001 14:22:08 +0100 (CET)

Anatoly Karp wrote:

[snip]

> >Description:
> Man ftpd(8) suggests giving ~ftp/pub directory the permission
> bits of 777 without adequately explaining potentially
> unpleasant security implications of such a step. It is
> suggested that
>
> >How-To-Repeat:
> $ man ftpd
> [snip]
> ~ftp/pub Make this directory mode 777 and owned by ``ftp''.
> Guests can then place files which are to be accessible
> via the anonymous account in this directory.
> [snip]
>
> >Fix:
> Change the corresponding paragraph to, say:
>
> ~ftp/pub Make this directory mode 700 and owned by ``ftp''.
> Making this directory world-writable will
> open you to a variety of DoS attacks as
> well as being used for warez.

IMHO, you shouldn't use the `DoS attacks' or `warez' terms unless you
explain them. Not everybody knows what a `DoS attack' or `warez' is.

Cyrille.
-- 
Cyrille Lefevre mailto:clefevre@citeweb.net
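
The permission change discussed in this PR, as an added example that is not part of the original message or of the ftpd(8) manual: a shell audit that flags world-writable directories in an anonymous-FTP tree. The function names are hypothetical, and the tree it runs on is a constructed temporary directory standing in for ~ftp.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP tree for directories that any
# user, including an anonymous guest, can write to.

# List directories under $1 that have the world-write bit (mode & 0002) set.
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print 2>/dev/null
}

# Count them; prints 0 for a clean tree.
count_world_writable() {
    world_writable_dirs "$1" | wc -l | tr -d ' '
}

# Report findings; return non-zero if any directory is world-writable.
audit_ftp_tree() {
    n=$(count_world_writable "$1")
    if [ "$n" -gt 0 ]; then
        # Show mode and owner of each offending directory.
        world_writable_dirs "$1" | while IFS= read -r d; do
            ls -ld "$d"
        done
        echo "FAIL: $n world-writable directory(ies) under $1"
        return 1
    fi
    echo "OK: no world-writable directories under $1"
}

# Demonstration on a constructed tree (a stand-in for ~ftp in a temp dir).
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/pub" "$root/etc"
    chmod 755 "$root" "$root/etc"
    chmod 777 "$root/pub"              # mode suggested by the manual page text
    audit_ftp_tree "$root" || true     # reports pub as world-writable
    chmod 700 "$root/pub"              # mode proposed in the PR's fix
    audit_ftp_tree "$root"             # reports a clean tree
    rm -rf "$root"
}

demo
```

On a real system, pass the anonymous account's home directory to `audit_ftp_tree` instead of calling `demo`.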