Date: Wed, 07 May 1997 09:59:59 +0300 From: Nadav Eiron <nadav@barcode.co.il> To: rajesha@ct-yardley.com Cc: freebsd-questions@FreeBSD.ORG, rakeshs@ct-yardley.com Subject: Re: ftp daemon Message-ID: <3370286F.6FFE@barcode.co.il> References: <199705062201.SAA18737@boris.theeddy.com>
next in thread | previous in thread | raw e-mail | index | archive | help
rajesha@ct-yardley.com wrote:
>
> This is in regards to a problem in the ftp daemon supplied with the
> FreeBSD (Rel 2.1.7). The problem is:
>
> 1) Suppose I logged in as one of the designated ftp user. The ftp
> daemon would place the user in this directory ('/home/ftp/user')
> Then suppose if he did a 'cd ..', he/she would be at /home/ftp'
> Then he/she reissued the 'cd..' command thus placing them
> in '/home' directory (on my system, /home -> /usr/home)
>
> 2) If an anonymous ftp user logs in, he is not able to go beyond
> the '/home/ftp' even if he tries 'cd ..' two or more times.
>
> This would be a security risk if an ftp users other than
> anonymous can get to system areas through ftp!!. Are there any other
> settings that need to be set in the ftp resource files
>
> I would appreciate if you could give some hints or pointers regarding
> these issues!!
Use wu-ftpd. It's in the ports/packages collection and has a zillion
options, including the option to chroot when doing standard logins (with
user names).
>
> Rajesh Acharya
> Cybertech Intl, Inc.
Nadav
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3370286F.6FFE>