Bugtraq mailing list archives
Re: Bad Advise
From: harold () sara nl (Harold van Aalderen)
Date: Tue, 26 Jul 1994 14:30:08 +0200
In message <199407242039.QAA17499 () shadow net> you write:
> Here is some advice from Sun that I highly recommend you DO NOT DO. If you
> look at the MAN page for ftpd, you will see the following advice:
>
> the following rules are recommended.
>
> ~ftp) Make the home directory owned by ``ftp'' and unwritable by anyone.
I haven't seen a system yet where this is _NOT_ in the manpage of ftpd. I guess it was in the original BSD manpage and nobody ever bothers to update it. AIX all versions, IRIX all versions, UNICOS and as mentioned SunOS all state the ~ftp should be owned by user ftp and mode 555. Some of these systems do allow the SITE CHMOD command.

The first aftp-server I installed this way was hacked within 24 hours. I informed CERT-NL (Dutch version of CERT) I got the reply that I should follow the CERT recommendations about setting up anonymous ftp.

Harold van Aalderen                            |email: harold () sara nl
system programmer/site security contact        |
SARA (Academic Computing Services Amsterdam)   |phone: +31 20 5923000
PO Box 94613 1090 GP Amsterdam The Netherlands |fax : +31 20 6683167
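
An audit for the setup described in the message above, added here as an example and not part of the original post: a directory's owner can change its mode, so a ~ftp that is mode 555 but owned by ftp is not protected on servers that accept SITE CHMOD. The function name, its arguments and the output wording are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# audit_ftp_home DIR FTP_UID
#   DIR      anonymous-FTP home directory to inspect
#   FTP_UID  numeric uid the FTP daemon uses for anonymous sessions
# Returns 0 if clean, 1 if there are findings, 2 if DIR is not a directory.
audit_ftp_home() {
    dir=$1 ftp_uid=$2 findings=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
    # "$dir/." makes ls describe the directory even if DIR is a symlink.
    set -- $(ls -ldn "$dir/." | awk '{print $1, $3}')
    mode=$1 owner=$2

    # Owned by ftp: mode 555 is cosmetic, the owner may chmod it back.
    if [ "$owner" = "$ftp_uid" ]; then
        echo "FAIL $dir: owned by ftp uid $ftp_uid, mode $mode can be changed by its owner"
        findings=1
    fi

    # Group (6th character) or other (9th character) write bit on the home itself.
    case $mode in
        d????w*|d???????w*)
            echo "FAIL $dir: group- or world-writable ($mode)"
            findings=1 ;;
    esac

    # The same reasoning applies to anything below the home that ftp owns.
    owned=$(find "$dir" ! -path "$dir" -user "$ftp_uid" -print)
    if [ -n "$owned" ]; then
        echo "FAIL entries below $dir owned by ftp uid $ftp_uid:"
        echo "$owned" | sed 's/^/  /'
        findings=1
    fi
    return "$findings"
}

# Stand-alone use (the script name is hypothetical):
#   sh audit_ftp.sh ~ftp "$(id -u ftp)"
if [ $# -eq 2 ]; then audit_ftp_home "$1" "$2"; fi
```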