Date: Tue, 25 Mar 2003 05:30:17 -0800 (PST) From: Jeremy Prior <jez@chagford.netcraft.com> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/48784: No way to disable directory listings in ftpd Message-ID: <200303251330.h2PDUHXX097575@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/48784; it has been noted by GNATS.
From: Jeremy Prior <jez@chagford.netcraft.com>
To: Yar Tikhiy <yar@FreeBSD.org>
Cc:
Subject: Re: bin/48784: No way to disable directory listings in ftpd
Date: 20 Mar 2003 20:39:03 +0000
On Thu, 2003-03-20 at 17:07, Yar Tikhiy wrote:
> Thanks for your bug report, but have you considered removing
> "r" bits from a directory's permissions in order to prohibit
> listing the directory?
I considered it, but discounted it for three reasons:
1. The ftpd shares its directory tree with a webserver. (The idea
is that the users can access the same content either by ftp://
or http://);
2. I can't trust people adding content to the site to remember to
do this; and
3. One patch fixes both of these problems
(I know allowing access to data via http and ftp isn't recommended, but
this is an intranet site that is only used by a limited set of users -
turning off directory listings is just to prevent people from
`nosing-around' :-)
> Our stock ftpd(8) is intended to be small and simple, so it
> usually has no functionality that can be achieved by a way
> common for the Unix environment.
I understand that disabling directory listings doesn't increase security
by much (if at all), but it solves the problem in our case. We've been
running with it for over a year without a problem, so I thought I'd
offer it to a wider audience.
Thanks for considering it anyway,
jez
--
Jeremy Prior <jez@chagford.netcraft.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303251330.h2PDUHXX097575>