Bugtraq mailing list archives
wu-ftp 2.4.2 (release VR16) /bin/ftponly
From: [@ (Bluefish [@ home])
Date: Sat, 27 Mar 1999 13:21:46 +0100
as I previously reported to euro-coders, since I installed the wu-ftpd version(s) which fixes the beta-18 hole, the good old ftponly hack described at all pages stopped working (linux 2.0.34, originally redhat 5.0 but modified quite a lot. Yes, shell was in /etc/shells.) Anyway, my guess was quite trivial, it probably required the shell to go on forever just as the ssh-ftpd etc. So basicly, I decided that an appropriate solution was to check if the shell is ftpd, otherwise terminate. So, this is my replacement/patch/whatever for a /bin/ftponly which does allow ftponly, which the ones setup as described in various faq's on the net failed. Comments are welcome. This also forwarded to bugtraq. Perhaps a lowpriority, however if many sites suddenly find their anomonous FTPs stop working that is a security problem, as they may temporary downgrade or something equally bad. ---< cut here > #!/bin/sh # # ftponly shell # grepped = 1 means login is ftp. is this a good solution? PID=$$ GREPPED=$( ps auxw | grep ftpd | grep -v grep | awk '{print $1}' | grep -c $PID ) # only used for text messages, kill it if you like. WHOAMI=$(whoami) if [ "$GREPPED" != "1" ]; then echo "You're login appears to be none-ftp. bye bye $WHOAMI!" exit 0 fi # this is not really needed, but still... if [ "$UID" = "0" ]; then echo "Err... Sorry. UID 0 isn't nice!" exit 0 fi # debug message, not really shown to ftpusers anyway echo "[FTPONLY] Login accepted. Welcome $WHOAMI!" # loop forever. cons/pros ? while [ "1" = "1" ] do; sleep 10; done ----< and paste? > [email.ilove] ealliance$hotmail.com || 11a$gmx.net [web.we.rock] http://194.236.13.242/11a/index.html [web.we.rock] http://home.swipnet.se/~w-12702/11A/
Current thread:
- Re: X11R6 NetBSD Security Problem, (continued)
- Re: X11R6 NetBSD Security Problem Petras Sinkevicius (Mar 26)
- FrontPage + Apache + FreeBSD Gregory A. Carter (Mar 22)
- ANNOUNCE: New Security Tool: HostSentry 0.02 Alpha Craig H. Rowland (Mar 25)
- Re: FrontPage + Apache + FreeBSD Roberto Grassi (Mar 26)
- Re: FrontPage + Apache + FreeBSD Gregory A. Carter (Mar 26)
- abuse of nickserv Nelson Little (Mar 23)
- Linux 2.2.3 patch to prevent FIN/NULL/XMAS scans Taral (Mar 24)
- not only NetBSD [was Re: X11R6 NetBSD Security Problem] Pavel Machek (Mar 26)
- Re: X11R6 NetBSD Security Problem Matthieu Herrb (Mar 26)
- Re: X11R6 NetBSD Security Problem Kevin Vajk (Mar 28)
- wu-ftp 2.4.2 (release VR16) /bin/ftponly [ (Mar 27)
- SuSE Security Announcement - XFree86 Marc Heuse (Mar 28)
- Re: X11R6 NetBSD Security Problem /usr/libexec/telnetd (Mar 25)