Re: Configuring ftpd for upload: second phase with chflags
> > configuring ftpd for upload) & the answers I've got, I used chflags with
> > uappnd for the /upload directory:
> > An ls -lo looks like this:
> > dr-xr-xr-x 3 root ftp - 512 Sep 1 12:12 pub
> > dr-x------ 2 root ftp - 512 Sep 1 18:34 reserved
> > drwxrwxrwx 3 root ftp uappnd 512 Sep 1 18:41 upload
> >
> > Even if the perms are 777 on the upload dir, users (including root) can
>
> I think you're leaving yourself open to be used as an ftp file drop.
> Random user can make directories and add files to the directories.
> Other random users can read the directories. Example:
>
> $ mkdir xxx
> $ chflags uappnd xxx
> $ mkdir xxx/yyy
> $ echo this is a test > xxx/yyy/zzz
> $ cat xxx/yyy/zzz
> this is a test
> $ rm xxx/yyy/zzz
Oh, you are right! I thought chflags were inherited. Is there a means to do so
for the subdirs and any subdir created by a user on the /upload dir?
Thanks for your help!
--
Saad KADHI -- Security Engineer
---------------------------------
"He who relieves the poor makes Ahura King"
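
The exchange above shows that uappnd set on a directory is not carried over to subdirectories created inside it. As an added example (not part of the original messages), this shell function reads `ls -loR` output and lists every directory that carries neither uappnd nor sappnd, the system-level counterpart of uappnd; the function names and the sample listing are constructed for illustration, and the column layout is assumed to match the `ls -lo` listing quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Reads BSD `ls -loR` output on stdin and
# prints every directory that carries neither uappnd nor sappnd.
# Assumed column layout (as in the listing quoted in the thread):
#   mode links owner group flags size month day time name
dirs_without_append_flag() {
    awk '
        BEGIN { cur = "." }
        # skip blank separators and the "total N" line of each listing
        /^$/ || /^total [0-9]+$/ { next }
        # "path:" header that ls -R prints before each subdirectory listing
        /:$/ && !/^[-dlbcps][-r][-w]/ {
            cur = substr($0, 1, length($0) - 1)
            next
        }
        # directory entries only
        $1 ~ /^d/ && NF >= 10 {
            # flags are comma-separated, "-" means none
            n = split($5, flags, ",")
            for (i = 1; i <= n; i++)
                if (flags[i] == "uappnd" || flags[i] == "sappnd") next
            # rebuild names that contain spaces
            name = $10
            for (i = 11; i <= NF; i++) name = name " " $i
            print cur "/" name
        }
    '
}

# Constructed sample: the xxx/yyy/zzz tree from the quoted test, as
# `ls -loR` would list it. xxx has uappnd, yyy was created without it.
sample_listing() {
    cat <<'EOF'
total 4
drwxrwxrwx  3 ftp  ftp  uappnd 512 Sep  1 18:41 xxx

./xxx:
total 4
drwxr-xr-x  2 ftp  ftp  - 512 Sep  1 18:42 yyy

./xxx/yyy:
total 4
-rw-r--r--  1 ftp  ftp  - 15 Sep  1 18:43 zzz
EOF
}

sample_listing | dirs_without_append_flag
```

On a live system the input would come from `ls -loR` run on the upload directory instead of `sample_listing`.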