Bug 31719

Summary: ftpd(8) could use improved security explanation
Product: Base System
Reporter: Anatoly Karp <karp>
Component: bin
Assignee: freebsd-doc (Nobody) <doc>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 1.0-RELEASE   
Hardware: Any   
OS: Any   

Description Anatoly Karp 2001-11-03 06:50:01 UTC
 Submitter-Id:	current-users
 Originator:	Anatoly Karp
 Organization:	private
 Confidential:	no 
 Synopsis:	man ftpd(8) omits potentially crucial security warning
 Severity:	serious
 Priority:	high
 Category:	docs
 Class:		doc-bug 
 Release:	FreeBSD 4.4-STABLE i386
 Environment:
 System: FreeBSD rust098-017.resnet.wisc.edu 4.4-STABLE FreeBSD 4.4-STABLE #1: Wed Oct 31 03:26:58 CST 2001 karp@rust098-017.resnet.wisc.edu:/usr/obj/usr/src/sys/TOL_KERN6 i386
 
 
 Description:
 Man ftpd(8) suggests giving ~ftp/pub directory the permission
 bits of 777 without adequately explaining potentially
 unpleasant security implications of such a step. It is
 suggested that
 
 
 How-To-Repeat:
 $ man ftpd
 
 <snip>
          ~ftp/pub  Make this directory mode 777 and owned by ``ftp''.
                    Guests can then place files which are to be accessible
                    via the anonymous account in this directory.
 <snip>
 
 Fix:
 
 Change the corresponding paragraph to, say:
 
         ~ftp/pub  Make this directory mode 700 and owned by ``ftp''.
                   Making this directory world-writable will
                   open you to a variety of DoS attacks as
                   well as being used for warez.
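
An added example, not part of the original report or of FreeBSD's own tooling: a POSIX shell check that lists world-writable directories under an anonymous FTP root, the condition the report warns about for ~ftp/pub. It goes slightly beyond the report by walking the whole tree rather than only pub; the function name `audit_ftp_tree` and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR or from FreeBSD): report world-writable
# directories under an anonymous-FTP root such as ~ftp.

# Prints "<perms> <owner> <path>" for every directory under $1 whose
# "other write" bit is set. Returns 0 if none, 1 if any, 2 on bad input.
audit_ftp_tree() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "audit_ftp_tree: not a directory: $root" >&2
        return 2
    fi
    # -perm -0002 matches any mode with o+w set (777, 757, 1777, ...).
    found=$(find "$root" -type d -perm -0002 -print)
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found" | while IFS= read -r dir; do
        # Fields 1 and 3 of "ls -ld" are the permission string and owner.
        info=$(ls -ld "$dir" | awk '{ print $1, $3 }')
        printf '%s %s\n' "$info" "$dir"
    done
    return 1
}

# Constructed sample tree: pub as the quoted man page text suggests (777),
# then as the PR proposes (700).
demo() {
    tree=$(mktemp -d) || return 2
    mkdir "$tree/pub" "$tree/etc"
    chmod 755 "$tree" "$tree/etc"
    chmod 777 "$tree/pub"
    echo "pub at 777:"
    audit_ftp_tree "$tree" || echo "  -> world-writable directories found"
    chmod 700 "$tree/pub"
    echo "pub at 700:"
    audit_ftp_tree "$tree" && echo "  -> nothing world-writable"
    rm -rf "$tree"
}

demo
```

The nonzero exit status on a finding lets the function be called from a periodic job that alerts when a directory under the FTP root becomes world-writable.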
Comment 1 dd freebsd_committer freebsd_triage 2001-11-04 22:00:33 UTC
Responsible Changed
From-To: gnats-admin->freebsd-bugs

refile
Comment 2 wilko freebsd_committer freebsd_triage 2001-11-24 11:07:35 UTC
Responsible Changed
From-To: freebsd-bugs->doc

PR suggests man page improvement
Comment 3 Mike Heffner freebsd_committer freebsd_triage 2001-11-26 06:13:02 UTC
State Changed
From-To: open->closed

Duplicate of misc/30690.