Date: Tue, 28 Aug 2001 13:50:53 +0100
From: Nik Clayton <nik@freebsd.org>
To: Sheldon Hearn <sheldonh@starjuice.net>
Cc: Nik Clayton <nik@FreeBSD.org>, audit@FreeBSD.org
Subject: Re: cvs commit: src/libexec/ftpd ftpcmd.y ftpd.8 ftpd.c
Message-ID: <20010828135053.H46201@clan.nothing-going-on.org>
In-Reply-To: <50646.999001778@axl.seasidesoftware.co.za>; from sheldonh@starjuice.net on Tue, Aug 28, 2001 at 02:29:38PM +0200
References: <200108281159.f7SBxLW31831@freefall.freebsd.org> <50646.999001778@axl.seasidesoftware.co.za>

On Tue, Aug 28, 2001 at 02:29:38PM +0200, Sheldon Hearn wrote:
>
>
> On Tue, 28 Aug 2001 04:59:21 MST, Nik Clayton wrote:
>
> >   Modified files:
> >     libexec/ftpd         ftpcmd.y ftpd.8 ftpd.c
> >   Log:
> >   Add a new option, '-o', for "Write-only".  Disables the RETR command,
> >   preventing anyone from downloading files.  In conjunction with -A, and some
> >   appropriate file permissions, this lets you create an anonymous FTP drop
> >   box for people to upload files to.
>
> I plan to change this such that the impact of the -o flag only applies
> to guest (anonymous) users.  I believe that this change will make the
> option more useful, because
>
> 1) Non-guest users can be influenced on an individual basis, i.e. you
>    can close a single user's account.  The guest users, on the other
>    hand, are to be feared with respect to abuse by warez monkeys.  Since
>    guest users pose the "unstoppable threat", they're really the ones to
>    whom this option should apply in the absence of a more configurable
>    ftpd.
>
> 2) The proposed change will allow me to protect myself against warez
>    monkeys abusing my anonymous upload directory while still allowing
>    non-guest users with real accounts to retrieve files as expected,
>    without having to run a second instance of ftpd on a non-standard
>    port.

That may be.  But I also want an "all users" option.

Yes, by careful setting of directory permissions, /etc/ftpusers, and so
on, you can achieve the same effect.  But I like defense in depth.  So
rather than relying on the file system settings, and other files, I'd
like to enforce this at the ftpd level as well.

N
-- 
FreeBSD: The Power to Serve             http://www.freebsd.org/
FreeBSD Documentation Project           http://www.freebsd.org/docproj/

          --- 15B8 3FFC DDB4 34B0 AA5F  94B7 93A8 0764 2C37 E375 ---
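
The disagreement in this message, as an added example in C that is not part of the original e-mail or of the ftpd source: a daemon-level RETR switch checked ahead of the file-system permissions, with the guest-only and all-users variants side by side. The policy names, the structs and the use of reply code 550 for the refusal are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stdio.h>
#include <strings.h>

/* Hypothetical policy names for this sketch: DENY_ALL models -o as committed,
 * DENY_GUESTS models the guest-only behaviour proposed in the thread. */
enum retr_policy { RETR_ALLOW, RETR_DENY_GUESTS, RETR_DENY_ALL };

struct session { bool guest; };            /* true for anonymous logins */
struct file { bool world_readable; bool owner_readable; };  /* constructed stand-in for file modes */

/* Layer 1: what the file system permissions alone would allow. */
static bool fs_allows_read(const struct session *s, const struct file *f)
{
    return s->guest ? f->world_readable : f->owner_readable;
}

/* Layer 2: the daemon-level switch, checked before any file is opened. */
static bool daemon_allows_retr(enum retr_policy p, const struct session *s)
{
    if (p == RETR_DENY_ALL)
        return false;
    return p == RETR_DENY_GUESTS ? !s->guest : true;
}

/* Returns an FTP reply code; using 550 for the refusal is an assumption. */
int handle_command(enum retr_policy p, const struct session *s,
                   const char *verb, const struct file *f)
{
    if (strcasecmp(verb, "STOR") == 0)
        return 150;                        /* uploads are unaffected by the switch */
    if (strcasecmp(verb, "RETR") != 0)
        return 502;                        /* other verbs are outside this sketch */
    if (!daemon_allows_retr(p, s) || !fs_allows_read(s, f))
        return 550;
    return 150;
}

int main(void)
{
    /* Constructed case: an uploaded file was left world-readable by mistake. */
    struct session anon = { true }, user = { false };
    struct file leaked = { true, true };
    printf("no switch, guest:  %d\n", handle_command(RETR_ALLOW, &anon, "RETR", &leaked));
    printf("guest-only, guest: %d\n", handle_command(RETR_DENY_GUESTS, &anon, "RETR", &leaked));
    printf("guest-only, user:  %d\n", handle_command(RETR_DENY_GUESTS, &user, "RETR", &leaked));
    printf("all users, user:   %d\n", handle_command(RETR_DENY_ALL, &user, "RETR", &leaked));
    return 0;
}
```

With the file-system layer misconfigured, only the daemon-level check stands between a guest and the uploaded file; the guest-only variant leaves account holders able to retrieve, the all-users variant does not.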