Re: Q: suiddir on ~ftp/incoming?

From: Karsten W. Rohrbach (karsten@rohrbach.de)
Date: 06/10/01


Date: Sun, 10 Jun 2001 16:57:18 +0200
From: "Karsten W. Rohrbach" <karsten@rohrbach.de>
To: Glen Foster <gfoster@gfoster.com>


if you need an incoming directory, thinkining about mode 0333 is way
okay, you should consider writing the files themselves mode 0000 and
change them later when moving them out of incoming and into place.
this quenches the w4r3z d00dz pretty effectively.

/k

Glen Foster(gfoster@gfoster.com)@2001.06.09 13:18:19 +0000:
> Standard ftpd on a not-so-old 4.3-S. With the less-than-sterling
> record of more featureful FTP servers, I'd like to find a way to stick
> with old faithful.
>
> Is it a bad idea to make a directory, ~ftp/incoming, with perms=5333,
> on an anonymous FTP server as a "dropbox" for uploading? No untrusted
> shell accounts on the machine in question.
>
> As most who try to provide drop boxes discover, warez d00dz quickly
> find them and manage to fill them up with bit strings that, according
> to some, are worth billions of dollars each and every year. They do
> this by the mechanism of creating a directory that is owned by "ftp,"
> with which and in they can play their little games at will.
>
> The intention is, by enforcing suiddir, the directories and files they
> create won't be listable, thus removing much of the raison d'etre for
> their creation.
>
> Of course, the "filler" will still be able to write, fill up the disk,
> etc. but the hordes who follow after will be dissuaded and not consume
> all your mbufs with their requests.
>
> Anybody done this? Results over time?
>
> Yes, it is a form of STO easily defeated by miscreants keeping a
> directory of uploaded files and sharing it with customers. But, in
> practice, is it worthwhile to do?
>
> Any insight would be appreciated,
> Glen Foster <gfoster@gfoster.com>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
> A Puritan is someone who is deathly afraid that someone, somewhere, is
> having fun.
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE  DF22 3340 4F4E 2964 BF46

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message