Date:      Mon, 26 Apr 1999 10:15:49 -0500 (CDT)
From:      James Wyatt <jwyatt@RWSystems.net>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: limit ftp users to their homedir
Message-ID:  <Pine.BSF.4.05.9904261004100.12068-100000@kasie.rwsystems.net>
In-Reply-To: <199904261236.JAA22225@ns1.sminter.com.ar>

Regardless of my preference for BSD license (though I tolerate GPL), I
just flat trust the FreeBSD ftpd more than the rest and it does everything
I need from it - including multi-anon users and internal ls.

We had some AIX and Linux machines with that wuftpd hole. The fix was out
quickly and all, but having 1/3 of the OSs unaffected was nice. I am
considering porting FreeBSD's ftpd to the other two. I know wuftpd is a
great tool and is 'really fixed' now. I know the hole was tiny, but it was
bad and we had a host vulnerable in a bad spot. Bad fire alarm on an
e-commerce server.

If there is no reason to change the OTS binaries, I prefer not to. I
greatly appreciate the free software on the net and rapid source patches
to fix holes. This is why the AIX box had wuftpd rather than OTS AIX ftpd.

On Mon, 26 Apr 1999, Fernando Schapachnik wrote:
> I use wu-ftpd for this and it works nicely. It also has some other features.
> 
> There is an exploit for the current version -I think it keeps on being
> the current- so you can get wu-ftpd-VR from another vendor. Sorry I don't
> recall the URL, but you can find it easily on the Web.
> In a previous message, erik wrote:
> > 
> > is there a way to deny a registered user access to anything but his own
> > home directory?
> > 
> > it would be nice if it was the same as with anonymous access, i.e. users
> > who cwd to "/"
> > really enter the virtual ftp root instead of the real system root.


