From owner-freebsd-security  Fri Dec  1 19:58:58 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id 4C8E937B400
	for <freebsd-security@freebsd.org>; Fri,  1 Dec 2000 19:58:56 -0800 (PST)
Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Fri, 1 Dec 2000 19:57:23 -0800
Received: (from cjc@localhost)
	by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id eB23wlK22178;
	Fri, 1 Dec 2000 19:58:47 -0800 (PST)
	(envelope-from cjc)
Date: Fri, 1 Dec 2000 19:58:47 -0800
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: Nate Williams <nate@yogotech.com>
Cc: James Wyatt <jwyatt@rwsystems.net>,
	Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>,
	freebsd-security@FreeBSD.ORG
Subject: Re: which ftpd
Message-ID: <20001201195847.J99903@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References: <200012010823.JAA24840@gilberto.physik.rwth-aachen.de> <Pine.BSF.4.10.10012010332310.42770-100000@bsdie.rwsystems.net> <14887.58514.983118.454312@nomad.yogotech.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <14887.58514.983118.454312@nomad.yogotech.com>; from nate@yogotech.com on Fri, Dec 01, 2000 at 10:49:06AM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Dec 01, 2000 at 10:49:06AM -0700, Nate Williams wrote:
> > I've found the stock FreeBSD FTPd really good. It offers a chrooted
> > account I've had to take the WUFTPd risk for before on Linux. If you
> > turn-up the logging you can easily catch things like this. (btw: this
> > looks like some warez d00dz building a nest. I've had it happen before and
> > there have been some FTPd holes that required writable anon-ftp to work.)
> > Using the FTPd xfer log, you can easily audit uploaded files and spot
> > things like this. You can also have an automatic process watch the log 
> > and move the files to a quarrantine area.
> 
> Do you have an example setup you could post to the list?  One of the
> issues I'd like to have is an ftpd that allows uploads, but either moves
> them or changes the permissions on them as soon as the files are
> uploaded, to avoid having folks abuse the system for warez.

How about hardcoding the UMASK to 777? Should be a trivial code hack.
-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message