Date: Tue, 28 Aug 2001 13:50:53 +0100
From: Nik Clayton
To: Sheldon Hearn
Cc: Nik Clayton, audit@FreeBSD.org
Subject: Re: cvs commit: src/libexec/ftpd ftpcmd.y ftpd.8 ftpd.c
Message-ID: <20010828135053.H46201@clan.nothing-going-on.org>
Sender: owner-freebsd-audit@FreeBSD.ORG

On Tue, Aug 28, 2001 at 02:29:38PM +0200, Sheldon Hearn wrote:
>
> On Tue, 28 Aug 2001 04:59:21 MST, Nik Clayton wrote:
>
> >   Modified files:
> >     libexec/ftpd         ftpcmd.y ftpd.8 ftpd.c
> >   Log:
> >   Add a new option, '-o', for "Write-only".  Disables the RETR command,
> >   preventing anyone from downloading files.  In conjunction with -A, and some
> >   appropriate file permissions, this lets you create an anonymous FTP drop
> >   box for people to upload files to.
>
> I plan to change this such that the impact of the -o flag only applies
> to guest (anonymous) users.  I believe that this change will make the
> option more useful, because
>
> 1) Non-guest users can be influenced on an individual basis, i.e. you
>    can close a single user's account.  The guest users, on the other
>    hand, are to be feared with respect to abuse by warez monkeys.  Since
>    guest users pose the "unstoppable threat", they're really the ones to
>    whom this option should apply in the absence of a more configurable
>    ftpd.
>
> 2) The proposed change will allow me to protect myself against warez
>    monkeys abusing my anonymous upload directory while still allowing
>    non-guest users with real accounts to retrieve files as expected,
>    without having to run a second instance of ftpd on a non-standard
>    port.

That may be.  But I also want an "all users" option.

Yes, by careful setting of directory permissions, /etc/ftpusers, and so
on, you can achieve the same effect.  But I like defense in depth.  So
rather than relying on the file system settings, and other files, I'd like
to enforce this at the ftpd level as well.

N
-- 
FreeBSD: The Power to Serve             http://www.freebsd.org/
FreeBSD Documentation Project           http://www.freebsd.org/docproj/

          --- 15B8 3FFC DDB4 34B0 AA5F  94B7 93A8 0764 2C37 E375 ---
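
The two layers discussed in this thread, the ftpd `-A`/`-o` flags and the drop-box directory permissions, checked independently of each other. This is an added example, not part of the original message or of FreeBSD's ftpd; the inetd.conf entry, the mode 1733 directory and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit both layers of an anonymous FTP drop box.
# Assumptions: inetd.conf field layout; flags appear as separate or bundled
# words (-o, -lAo); a write-only directory mode such as 1733.

# Layer 1: does the ftpd argument list in an inetd.conf line carry flag $1?
ftpd_has_flag() {
    flag=$1 line=$2
    case "$line" in '#'*|'') return 1 ;; esac    # disabled or empty entry
    set -f; set -- $line; set +f                 # split fields, no globbing
    [ "$#" -ge 7 ] || return 1
    shift 7                                      # six inetd fields + argv[0]
    for word in "$@"; do
        case "$word" in -*"$flag"*) return 0 ;; esac
    done
    return 1
}

# Layer 2: "other" may write into and traverse the directory, not list it.
dir_is_write_only() {
    [ -d "$1" ] || return 1
    other=$(ls -ld -- "$1" | cut -c8-10)         # other-class rwx triplet
    case "$other" in
        -wx|-wt) return 0 ;;                     # t = sticky bit with execute
        *) return 1 ;;
    esac
}

# Check each layer on its own so one missing control is reported even
# while the others still hold. Returns 0 only when every layer is present.
audit_dropbox() {
    rc=0
    ftpd_has_flag A "$1" && echo "ftpd -A: present" || { echo "ftpd -A: MISSING"; rc=1; }
    ftpd_has_flag o "$1" && echo "ftpd -o: present" || { echo "ftpd -o: MISSING"; rc=1; }
    dir_is_write_only "$2" && echo "dir mode: write-only" || { echo "dir mode: NOT write-only"; rc=1; }
    return "$rc"
}

# Constructed sample input: an inetd.conf entry and a scratch directory.
sample='ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l -A -o'
box=$(mktemp -d) && chmod 1733 "$box"
audit_dropbox "$sample" "$box" || true
rmdir "$box"
```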