Date: Tue, 18 Jul 2006 13:55:47 +0100
From: Brian Candler
To: Mikhail Teterin
Cc: isp@freebsd.org, net@freebsd.org
Subject: Re: forcing FTP-uploaded files to be of certain types only
Message-ID: <20060718125547.GB26642@uk.tiscali.com>
In-Reply-To: <200607171306.01882.mi+mx@aldan.algebra.com>

On Mon, Jul 17, 2006 at 01:06:01PM -0400, Mikhail Teterin wrote:
> How hard would it be to make the stock FreeBSD FTP-server to examine the
> first, say, 100Kb of the uploaded file and interrupt transfer if the file is
> of a prohibited or is not of an allowed type?
>
> Anything under 100Kb is fine, I guess, and 100Kb is more than enough to detect
> compression or lack thereof...

I think the first few bytes should be enough to tell you if it's a gzip,
pkzip or compress archive:

    $ gzip -c -9 /etc/services | head -c64 | file -
    /dev/stdin: gzip compressed data, was "services", from Unix, max compression
    $ compress -c /etc/services | head -c64 | file -
    /dev/stdin: compress'd data 16 bits
    $ zip - /etc/services | head -c64 | file -
      adding: etc/services
    /dev/stdin: Zip archive data, at least v2.0 to extract

How wedded are you to FTP? If this was a HTTP 'PUT' then a simple CGI could
read in 100 bytes, check it is compressed (e.g. with libmagic), then copy
through the rest of the file. The result from the PUT can be a HTML page
saying "all OK" or "please compress your data first"

Regards,

Brian.
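
The check described in the message above, as an added example that is not part of the original post: it reads the first 100 bytes of an upload, matches them against the gzip, compress and pkzip magic numbers (hard-coded here instead of using libmagic), and only then copies the rest of the file through. The function names, the temporary-file-then-rename handling and the sample inputs are assumptions of this example.

```python
import gzip
import io
import os
import shutil
import tempfile

# Leading magic bytes of the three formats named in the message.
MAGIC = {b"\x1f\x8b": "gzip", b"\x1f\x9d": "compress", b"PK\x03\x04": "zip"}
HEAD_LEN = 100  # the message suggests reading 100 bytes before deciding


def read_head(stream, n):
    """Read up to n bytes, looping because sockets and pipes return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def sniff(head):
    """Return the format name if head starts with a known magic, else None."""
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return None


def accept_upload(stream, dest_path):
    """Store the upload only if it looks compressed; return (ok, detail)."""
    head = read_head(stream, HEAD_LEN)
    kind = sniff(head)
    if kind is None:
        return False, "please compress your data first"  # nothing written
    # Write beside the destination, then rename, so a partial upload never
    # appears under the final name.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest_path) or ".")
    try:
        with os.fdopen(fd, "wb") as out:
            out.write(head)
            shutil.copyfileobj(stream, out)
        os.replace(tmp, dest_path)
    except BaseException:
        os.unlink(tmp)  # drop the partial file if the transfer breaks
        raise
    return True, kind


if __name__ == "__main__":  # constructed sample inputs
    d = tempfile.mkdtemp()
    print(accept_upload(io.BytesIO(gzip.compress(b"data\n")), os.path.join(d, "a")))
    print(accept_upload(io.BytesIO(b"plain text\n"), os.path.join(d, "b")))
```

A matching magic number only shows that the upload starts like an archive; it does not validate the rest of the file.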