Bugtraq mailing list archives
Re: Bad Advise
From: smb () research att com (smb () research att com)
Date: Tue, 26 Jul 94 00:28:37 EDT
Here is some advise from Sun that I highly recommend you DO NOT DO. If you look at the MAN page for ftpd, you will see the following advise: the following rules are recommended. ~ftp) Make the home directory owned by ``ftp'' and unwritable by anyone. I highly recommend you change that to owned by ``root''. If anyone can lo g in as ftp, there is nothing to stop them from doing SITE CHMOD 777 to the main directory and putting .rhosts or .forward there allowing instant access. With advise like that, who needs trojans? Of course, Sun's ftpd doesn't support chmod. Not that that excuses their advice, but it's not *quite* as bad... (I'm talking about 4.1.x, for some values of x.)
Current thread:
- coredumps on setuid programs. ddzehr () telecom ksu edu (Jul 22)
- Re: coredumps on setuid programs. George Boyce (Jul 22)
- Bad Advise Christopher Klaus (Jul 24)
- Re: Bad Advise smb () research att com (Jul 25)
- Re: Bad Advise Christopher Klaus (Jul 26)
- Re: Bad Advise Chris Ellwood (Jul 25)
- Re: Bad Advise G.J.W. Hagenaars (Jul 26)
- Re: Bad Advise Mark Moraes (Jul 26)
- Re: Bad Advise Philip Yzarn de Louraille (Jul 27)
- Bad Advise Christopher Klaus (Jul 24)
- Re: Bad Advise jim () Tadpole COM (Jul 26)
- Re: Re: Bad Advise Pete Hartman (Jul 26)
- Re: Bad Advise Evil Pete (Jul 26)
- Re: Bad Advise David Lawrence Oppenheimer (Jul 26)
- Re: coredumps on setuid programs. George Boyce (Jul 22)
- Re: Bad Advise Harold van Aalderen (Jul 26)