Date: Mon, 26 Jun 2000 22:20:30 -0600 (MDT) From: Nate Williams <nate@yogotech.com> To: David Nugent <davidn@blaze.net.au> Cc: Nate Williams <nate@yogotech.com>, freebsd-security@FreeBSD.ORG Subject: Re: Fwd: WuFTPD: Providing *remote* root since at least1994 Message-ID: <200006270420.WAA01672@nomad.yogotech.com> In-Reply-To: <Pine.BSF.4.21.0006271102300.7433-100000@biscuit.mel.ausisp.net> References: <200006261555.JAA18584@nomad.yogotech.com> <Pine.BSF.4.21.0006271102300.7433-100000@biscuit.mel.ausisp.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > > 2) The ability to create a upload directory where files are > > > > automatically chown/chmod'd to a different user, so that > > > > it can't be used as a warez site. > > > > > > Removing visibility of the directory is the classic solution to this, but > > > obviously this is a "security by obscurity" technique, and therefore > > > wrong. > > > > It's not wrong, and it's not obscurity. > > 'wrong' is perhaps too strong, 'not ideal' is better. But this is > a case of obscurity. > > > It's making those files 'unavailable', since there is no other type of > > solution. > > The point is, I guess, that since the uid that put them there can also get > it from there, all that is missing is the ability to view what's there, > so the files are "available", just not advertised as such. Actually, no. Note what I wrote above. It's both chmod/chown'd so that the uploading user can't touch them. They can't over-write them or do anything to modify them once they've been uploaded. > > How else would you make 'uploaded' files unavailable? > > Permissions and ownership of course, as you originally suggested. The > ability to configure the mode on uploaded file modes as 000 without > changing ownership would not be effective unless chmod was denied for the > directory (which you can't do without removing writability or coding > around it). Otherwise a change of owner is required. Visibility or not of > the directory then becomes an administrative option rather than the only > means by which files may be 'protected'. See above. The change of owner is done. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006270420.WAA01672>