From owner-freebsd-security Mon Jun 26 8:55:50 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id C77CC37B8ED for ; Mon, 26 Jun 2000 08:55:47 -0700 (PDT) (envelope-from nate@yogotech.com) Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id JAA09678; Mon, 26 Jun 2000 09:55:45 -0600 (MDT) (envelope-from nate@nomad.yogotech.com) Received: (from nate@localhost) by nomad.yogotech.com (8.8.8/8.8.8) id JAA18584; Mon, 26 Jun 2000 09:55:44 -0600 (MDT) (envelope-from nate) Date: Mon, 26 Jun 2000 09:55:44 -0600 (MDT) Message-Id: <200006261555.JAA18584@nomad.yogotech.com> From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: David Nugent Cc: Nate Williams , freebsd-security@FreeBSD.ORG Subject: Re: Fwd: WuFTPD: Providing *remote* root since at least1994 In-Reply-To: References: <200006260446.WAA15773@nomad.yogotech.com> X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > 2) The ability to create a upload directory where files are > > automatically chown/chmod'd to a different user, so that > > it can't be used as a warez site. > > Removing visibility of the directory is the classic solution to this, but > obviously this is a "security by obscurity" technique, and therefore > wrong. It's not wrong, and it's not obscurity. It's making those files 'unavailable', since there is no other type of solution. How else would you make 'uploaded' files unavailable? Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message