Date: Sat, 19 Jan 2002 12:28:12 -0800 From: Aaron Smith <aaron-fbsd@mutex.org> To: freebsd-hackers@freebsd.org Subject: ftpd patch that saves me a lot of hassle Message-ID: <20020119122812.E909@gelatinous.com>
next in thread | raw e-mail | index | archive | help
I got sick of (presumably) warez people probing my anonymous ftp site and
dropping all kinds of hard-to-delete trash in incoming, so I patched my
ftpd to only allow directories to start with alphanumerics. There's
probably a better solution, but this works for me so I figure'd I'd share.
Combining this with a umask that doesn't allow reading uploaded files keeps
things reasonably well in hand.
--Aaron
Index: ftpd.c
===================================================================
RCS file: /usr/cvs/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.62.2.15
diff -u -r1.62.2.15 ftpd.c
--- ftpd.c 2001/12/18 18:35:55 1.62.2.15
+++ ftpd.c 2002/01/19 09:47:42
@@ -2216,6 +2216,12 @@
{
LOGCMD("mkdir", name);
+
+ if (!isalnum(*name)) {
+ reply(521, "Bite me.");
+ return;
+ }
+
if (mkdir(name, 0777) < 0)
perror_reply(550, name);
else
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020119122812.E909>