Date: Mon, 14 Oct 1996 08:16:23 +1000 (EST) From: David Nugent <davidn@sdev.usn.blaze.net.au> To: Peter Childs <pjchilds@imforei.apana.org.au> Cc: Antonio Navarro Navarro <hostmaster@bemarnet.es>, freebsd-security@FreeBSD.org Subject: Re: Restricted access via FTP Message-ID: <Pine.BSF.3.95.961014075726.22234A-100000@sdev.usn.blaze.net.au> In-Reply-To: <199610101916.EAA01749@al.imforei.apana.org.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 11 Oct 1996, Peter Childs wrote: > I suggest either finding these, or just modifiying wu-ftpd yourself > so that it "chroot"'s into users home directories when they log in > with ftp. You'll need to remember that if they do chroot then they > require accessable copies of "ls" and stuff like that. > > Perhaps you should make it so that it "chroot"'s to /home and then > have a /home/bin with static binaries users might require for > ftp (like ls) I recall seeing some wu-ftp patches that implemented built-in ls, which would seem to get around this shortfall and also offered a minor boost to performance on very loaded servers. The only thing the user loses on in using this with no special copying of files (which has its own security risks attached - wonder who would place a nice bomb in ~username/bin/ls some time?) would be the gzip/tar capability in wu-ftp. I doubt many would really miss it for non-anon use. Sorry I can't be more specific about the location of the patches, but at the time I didn't need them and didn't take any special note. David Nugent, Unique Computing Pty Ltd - Melbourne, Australia Voice +61-3-791-9547 Data/BBS +61-3-792-3507 3:632/348@fidonet davidn@blaze.net.au http://www.blaze.net.au/~davidn
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.961014075726.22234A-100000>