Date: Fri, 1 Dec 2000 11:38:51 -0500 (EST)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To: Kris Kennaway <kris@FreeBSD.ORG>
Cc: Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>, freebsd-security@FreeBSD.ORG
Subject: Re: which ftpd
Message-ID: <200012011638.LAA39951@khavrinen.lcs.mit.edu>
In-Reply-To: <20001201003104.A41598@citusc17.usc.edu>
References: <200012010823.JAA24840@gilberto.physik.rwth-aachen.de> <20001201003104.A41598@citusc17.usc.edu>

<<On Fri, 1 Dec 2000 00:31:04 -0800, Kris Kennaway <kris@FreeBSD.ORG> said:

> Basically all of the third party ftpds in ports have had numerous
> security problems - the in-system one has been vulnerability-free
> for quite a while now.

That doesn't imply that they are currently insecure. The advice that
other people have given (e.g., running ftpd in a jail) is helpful, and
of course the best thing you can do for anonymous FTP is to prohibit
uploads altogether.

If you need to allow uploads, several of the servers provide a much
greater level of control over that function than standard UNIX
permissions. For example, wuftpd allows the administrator to restrict
uploads to a specific directory, and specify permissions for
newly-uploaded files which will prevent them from being downloaded.
(Merely setting the directory to 733 mode doesn't help -- the 31337
w4r3z d00dz don't need to be able to read the directory to download
the files their friends have deposited there.)

-GAWollman

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
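
An audit check for the point made in the message above, added here as an illustration and not part of the original e-mail or of any ftpd: it reports which files in an upload directory stay retrievable by name even though the directory itself is mode 733. It assumes the anonymous FTP account falls in the "other" permission class for the uploaded files; the directory and file names are constructed.

```python
import os
import stat
import tempfile


def audit_incoming(path):
    """Return (listable, retrievable_names) for an upload directory as seen
    by a user in the 'other' permission class (assumption: the anonymous
    FTP uid neither owns the files nor belongs to their group)."""
    dmode = os.stat(path).st_mode
    listable = bool(dmode & stat.S_IROTH)      # r on directory: names can be listed
    traversable = bool(dmode & stat.S_IXOTH)   # x on directory: known names can be opened
    retrievable = []
    for entry in os.scandir(path):
        if not entry.is_file(follow_symlinks=False):
            continue
        fmode = entry.stat(follow_symlinks=False).st_mode
        # A file can be downloaded by name when the directory is
        # traversable and the file itself is readable, listing or not.
        if traversable and fmode & stat.S_IROTH:
            retrievable.append(entry.name)
    return listable, sorted(retrievable)


def demo():
    """Build a constructed 733 'incoming' directory holding one file with
    ordinary 0644 permissions and one forced to 0600, then audit it."""
    with tempfile.TemporaryDirectory() as root:
        incoming = os.path.join(root, "incoming")
        os.mkdir(incoming)
        for name, mode in (("default-perms.bin", 0o644),
                           ("restricted.bin", 0o600)):
            file_path = os.path.join(incoming, name)
            with open(file_path, "wb") as handle:
                handle.write(b"constructed sample data")
            os.chmod(file_path, mode)
        os.chmod(incoming, 0o733)   # write + traverse for everyone, no listing
        return audit_incoming(incoming)


if __name__ == "__main__":
    listable, names = demo()
    print("directory listable by others:", listable)
    print("still retrievable by name:", names)
```

The check looks only at classic mode bits on the directory and its files; ACLs and the permissions of parent directories are not considered.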