Date: Fri, 14 Feb 1997 03:30:27 -0500 From: "Troy Settle" <rewt@i-Plus.net> To: questions@freebsd.org Subject: ftpd security problem? Message-ID: <199702140816.DAA01556@Radford.i-Plus.net>
next in thread | raw e-mail | index | archive | help
I upgraded from 2.1.6 to 2.2, and everything went smoothly. I didn't loose any users, any mail (that I'm aware of), or anything else for that matter. However, last night, I got a call from my boss, telling me that he was logged in anonymously to the ftp server, and was able to delete files at will. I thought he might be mistaken, but I verified this myself, and was able to do anything with the files under /var/ftp (chroot was still in effect, and yes, everything was chmod o-w). Switching over to wu_ftpd fixed this. No real worries from me, but I thought others might be interested in this. -- Troy Settle <st@i-Plus.net> Network Administrator, iPlus Internet Services http://www.i-Plus.net ( Stuff I said does not reflect the company I work ) ( for unless I'm speaking on behalf of said company )
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702140816.DAA01556>