Date: Mon, 26 Jun 2000 09:55:44 -0600 (MDT) From: Nate Williams <nate@yogotech.com> To: David Nugent <davidn@blaze.net.au> Cc: Nate Williams <nate@yogotech.com>, freebsd-security@FreeBSD.ORG Subject: Re: Fwd: WuFTPD: Providing *remote* root since at least1994 Message-ID: <200006261555.JAA18584@nomad.yogotech.com> In-Reply-To: <Pine.BSF.4.21.0006261609140.5511-100000@biscuit.mel.ausisp.net> References: <200006260446.WAA15773@nomad.yogotech.com> <Pine.BSF.4.21.0006261609140.5511-100000@biscuit.mel.ausisp.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> > 2) The ability to create a upload directory where files are > > automatically chown/chmod'd to a different user, so that > > it can't be used as a warez site. > > Removing visibility of the directory is the classic solution to this, but > obviously this is a "security by obscurity" technique, and therefore > wrong. It's not wrong, and it's not obscurity. It's making those files 'unavailable', since there is no other type of solution. How else would you make 'uploaded' files unavailable? Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006261555.JAA18584>