From owner-freebsd-bugs  Tue Mar 25  5:30:20 2003
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7C84937B401
	for <freebsd-bugs@hub.freebsd.org>; Tue, 25 Mar 2003 05:30:18 -0800 (PST)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2322E43F93
	for <freebsd-bugs@hub.freebsd.org>; Tue, 25 Mar 2003 05:30:18 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id h2PDUHNS097578
	for <freebsd-bugs@freefall.freebsd.org>; Tue, 25 Mar 2003 05:30:17 -0800 (PST)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.6/8.12.6/Submit) id h2PDUHXX097575;
	Tue, 25 Mar 2003 05:30:17 -0800 (PST)
Date: Tue, 25 Mar 2003 05:30:17 -0800 (PST)
Message-Id: <200303251330.h2PDUHXX097575@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Jeremy Prior <jez@chagford.netcraft.com>
Subject: Re: bin/48784: No way to disable directory listings in ftpd
Reply-To: Jeremy Prior <jez@chagford.netcraft.com>
X-Spam-Status: No, hits=0.0 required=5.0
	tests=none
	version=2.50
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp)
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

The following reply was made to PR bin/48784; it has been noted by GNATS.

From: Jeremy Prior <jez@chagford.netcraft.com>
To: Yar Tikhiy <yar@FreeBSD.org>
Cc:  
Subject: Re: bin/48784: No way to disable directory listings in ftpd
Date: 20 Mar 2003 20:39:03 +0000

 On Thu, 2003-03-20 at 17:07, Yar Tikhiy wrote:
 > Thanks for your bug report, but have you considered removing
 > "r" bits from a directory's permissions in order to prohibit
 > listing the directory?
 
 I considered it, but discounted it for three reasons:
 
      1. The ftpd shares its directory tree with a webserver.  (The idea
         is that the users can access the same content either by ftp://
         or http://);
      2. I can't trust people adding content to the site to remember to
         do this; and
      3. One patch fixes both of these problems
 
 (I know allowing access to data via http and ftp isn't recommended, but
 this is an intranet site that is only used by a limited set of users -
 turning off directory listings is just to prevent people from
 `nosing-around' :-)
 
 > Our stock ftpd(8) is intended to be small and simple, so it
 > usually has no functionality that can be achieved by a way
 > common for the Unix environment.
 
 I understand that disabling directory listings doesn't increase security
 by much (if at all), but it solves the problem in our case.  We've been
 running with it for over a year without a problem, so I thought I'd
 offer it to a wider audience.
 
 Thanks for considering it anyway,
 jez
 -- 
 Jeremy Prior <jez@chagford.netcraft.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message