From owner-freebsd-security Mon Jun 26 21:20:37 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66])
    by hub.freebsd.org (Postfix) with ESMTP id 51F6437BE02
    for ; Mon, 26 Jun 2000 21:20:34 -0700 (PDT)
    (envelope-from nate@yogotech.com)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131])
    by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id WAA15784;
    Mon, 26 Jun 2000 22:20:31 -0600 (MDT)
    (envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost)
    by nomad.yogotech.com (8.8.8/8.8.8) id WAA01672;
    Mon, 26 Jun 2000 22:20:30 -0600 (MDT)
    (envelope-from nate)
Date: Mon, 26 Jun 2000 22:20:30 -0600 (MDT)
Message-Id: <200006270420.WAA01672@nomad.yogotech.com>
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: David Nugent
Cc: Nate Williams , freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: WuFTPD: Providing *remote* root since at least 1994
In-Reply-To:
References: <200006261555.JAA18584@nomad.yogotech.com>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > > > 2) The ability to create an upload directory where files are
> > > > automatically chown/chmod'd to a different user, so that
> > > > it can't be used as a warez site.
> > >
> > > Removing visibility of the directory is the classic solution to this, but
> > > obviously this is a "security by obscurity" technique, and therefore
> > > wrong.
> >
> > It's not wrong, and it's not obscurity.
>
> 'wrong' is perhaps too strong, 'not ideal' is better. But this is
> a case of obscurity.
>
> > It's making those files 'unavailable', since there is no other type of
> > solution.
>
> The point is, I guess, that since the uid that put them there can also get
> it from there, all that is missing is the ability to view what's there,
> so the files are "available", just not advertised as such.

Actually, no. Note what I wrote above. It's both chmod/chown'd so that
the uploading user can't touch them. They can't over-write them or do
anything to modify them once they've been uploaded.

> > How else would you make 'uploaded' files unavailable?
>
> Permissions and ownership of course, as you originally suggested. The
> ability to configure the mode on uploaded file modes as 000 without
> changing ownership would not be effective unless chmod was denied for the
> directory (which you can't do without removing writability or coding
> around it). Otherwise a change of owner is required. Visibility or not of
> the directory then becomes an administrative option rather than the only
> means by which files may be 'protected'.

See above. The change of owner is done.


Nate


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
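
The ownership point argued in this thread can be checked on a running server. The following is an added example, not part of the original message or of any FTP daemon: a small audit of an upload directory that flags files the uploading uid still owns (and can therefore chmod back to readable, whatever the mode) and files readable by anyone other than the owner. The function name, the finding labels and the `upload_uid` parameter are assumptions made for illustration.

```python
import os
import stat


def audit_upload_dir(path, upload_uid):
    """Return {filename: [findings]} for regular files under `path`.

    upload_uid is the uid FTP sessions write files as (hypothetical
    parameter; the thread does not name a specific account).
    Files with no findings are left out of the result.
    """
    report = {}
    for entry in os.scandir(path):
        # Only regular files matter here; do not follow symlinks.
        if not entry.is_file(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        findings = []
        if st.st_uid == upload_uid:
            # A file's owner may always chmod it, so mode 000 alone does
            # not keep the uploader from fetching the file again.
            findings.append("owned-by-uploader")
        if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
            # Readable through group or other bits, regardless of owner.
            findings.append("readable-by-non-owner")
        if findings:
            report[entry.name] = findings
    return report


if __name__ == "__main__":
    import sys
    # Usage: audit.py <upload-dir> <upload-uid>
    for name, findings in sorted(audit_upload_dir(sys.argv[1], int(sys.argv[2])).items()):
        print(f"{name}: {', '.join(findings)}")
```

A file that has been re-owned to another account and stripped of group and other read bits produces no finding; a mode-000 file still owned by the upload uid is reported.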