Date: Sun, 25 Jun 2000 22:46:03 -0600 (MDT) From: Nate Williams <nate@yogotech.com> To: Matt Miller <matt.miller@thelinuxstore.com> Cc: Keith Stevenson <k.stevenson@louisville.edu>, Mike Tancsa <mike@sentex.ca>, Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, freebsd-security@FreeBSD.ORG Subject: Re: Fwd: WuFTPD: Providing *remote* root since at least1994 Message-ID: <200006260446.WAA15773@nomad.yogotech.com> In-Reply-To: <20000623162955.A72949@daffy.mics.net> References: <Pine.BSF.4.21.0006222230390.65791-100000@achilles.silby.com> <4.2.2.20000622201823.0479a690@mail.sentex.net> <200006231713.NAA49665@khavrinen.lcs.mit.edu> <3.0.5.32.20000623154848.02d2d6c0@marble.sentex.ca> <20000623163411.A1412@osaka.louisville.edu> <20000623162955.A72949@daffy.mics.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > What about > > > > > > --enable-paranoid > > > > > > as part of the config ? As so much seems to be related to the site exec > > > command, perhaps its best to just disable this ? > > > > While I'm all for actually fixing the problems in the code, I've found that > > the --enable-paranoid options to be a good one. I've been tinkering around > > with the exploit and the paranoid option seems to defend against it. I don't > > think that any of my users will miss the SITE EXEC commands. > > > > If one were interested in improving the ftpd which ships with the base > system, which features would make it a viable replacement those > currently running wu-ftpd? I'll add a couple. 1) The ability to limit the # of active anonymous connections in a simple manner. 2) The ability to create a upload directory where files are automatically chown/chmod'd to a different user, so that it can't be used as a warez site. 3) The ability to be easily chrooted for paranoia. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006260446.WAA15773>