Date: Sat, 2 Dec 2000 19:00:10 +1300 (NZDT)
From: Andrew McNaughton <andrew@scoop.co.nz>
To: cjclark@alum.mit.edu
Cc: Nate Williams <nate@yogotech.com>, James Wyatt <jwyatt@rwsystems.net>, Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>, freebsd-security@FreeBSD.ORG
Subject: Re: which ftpd
Message-ID: <Pine.BSF.3.96.1001202174348.15375H-100000@aurora.scoop.co.nz>
In-Reply-To: <20001201195847.J99903@149.211.6.64.reflexcom.com>

On Fri, 1 Dec 2000, Crist J . Clark wrote:

> On Fri, Dec 01, 2000 at 10:49:06AM -0700, Nate Williams wrote:
> > > I've found the stock FreeBSD FTPd really good. It offers a chrooted
> > > account I've had to take the WUFTPd risk for before on Linux. If you
> > > turn-up the logging you can easily catch things like this. (btw: this
> > > looks like some warez d00dz building a nest. I've had it happen before and
> > > there have been some FTPd holes that required writable anon-ftp to work.)
> > > Using the FTPd xfer log, you can easily audit uploaded files and spot
> > > things like this. You can also have an automatic process watch the log
> > > and move the files to a quarantine area.
> >
> > Do you have an example setup you could post to the list? One of the
> > issues I'd like to have is an ftpd that allows uploads, but either moves
> > them or changes the permissions on them as soon as the files are
> > uploaded, to avoid having folks abuse the system for warez.
>
> How about hardcoding the UMASK to 777? Should be a trivial code hack.

You could do this in much the same way that people do in order to use pop
logins to authenticate smtp relaying. If you start the daemon with
'ftpd -l -l' then you get syslog messages which a process could use to
monitor and act on new uploads.

--
Andrew McNaughton
Scoop Media Ltd
andrew@scoop.co.nz

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
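
Added example, not part of the original message or of FreeBSD's code: one way to build the log-watching process described above, which reads 'ftpd -l -l' syslog lines and moves each new upload into a quarantine directory. The record format matched by UPLOAD_RE, the sample lines, and the function and directory names are assumptions; adjust the pattern to what your syslog actually shows.

```python
import os
import re
import shutil

# Assumed shape of an 'ftpd -l -l' upload record; adjust to what your syslog shows.
UPLOAD_RE = re.compile(r"ftpd\[\d+\]: (?:put|append) (?P<path>/.+?) = \d+ bytes$")

# Constructed sample lines (not taken from a real log).
SAMPLE = [
    "Dec  2 19:00:10 host ftpd[4242]: put /incoming/a.bin = 1024 bytes",
    "Dec  2 19:00:11 host ftpd[4242]: get /pub/README = 310 bytes",
    "Dec  2 19:00:12 host ftpd[4243]: put /incoming/../etc/passwd = 12 bytes",
]

def parse_upload(line):
    """Return the logged path of an upload record, or None for other lines."""
    m = UPLOAD_RE.search(line.rstrip("\n"))
    return m.group("path") if m else None

def quarantine(logged_path, ftp_root, incoming, quarantine_dir):
    """Move one upload out of the anonymous tree; return its new path or None."""
    # Logged paths are relative to the chroot, so re-anchor them under ftp_root.
    src = os.path.realpath(os.path.join(ftp_root, logged_path.lstrip("/")))
    allowed = os.path.realpath(os.path.join(ftp_root, incoming.lstrip("/")))
    # Act only on regular files that resolve inside the upload directory.
    if os.path.commonpath([src, allowed]) != allowed or not os.path.isfile(src):
        return None
    os.makedirs(quarantine_dir, mode=0o700, exist_ok=True)
    base, n = os.path.basename(src), 0
    dst = os.path.join(quarantine_dir, base)
    while os.path.exists(dst):  # never overwrite an earlier quarantined file
        n += 1
        dst = os.path.join(quarantine_dir, f"{base}.{n}")
    shutil.move(src, dst)
    os.chmod(dst, 0o600)  # readable and writable by the owner only
    return dst

def process(lines, ftp_root, incoming, quarantine_dir):
    """Quarantine every upload named in the given syslog lines."""
    moved = []
    for line in lines:
        path = parse_upload(line)
        dst = quarantine(path, ftp_root, incoming, quarantine_dir) if path else None
        if dst:
            moved.append(dst)
    return moved
```

Feed process() the lines from a tail of the syslog file; the quarantine directory should sit outside the anonymous FTP root so moved files are no longer downloadable.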