| Summary: | man ftpd(8) omits potentially crucial security warning | ||
|---|---|---|---|
| Product: | Documentation | Reporter: | Anatoly Karp <karp> |
| Component: | Books & Articles | Assignee: | freebsd-doc (Nobody) <doc> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | Latest | ||
| Hardware: | Any | ||
| OS: | Any | ||
Anatoly Karp wrote:

[snip]

> >Description:
> Man ftpd(8) suggests giving ~ftp/pub directory the permission
> bits of 777 without adequately explaining potentially
> unpleasant security implications of such a step. It is
> suggested that
>
> >How-To-Repeat:
> $ man ftpd
> [snip]
> ~ftp/pub Make this directory mode 777 and owned by ``ftp''.
> Guests can then place files which are to be accessible
> via the anonymous account in this directory.
> [snip]
>
> >Fix:
> Change the corresponding paragraph to, say:
>
> ~ftp/pub Make this directory mode 700 and owned by ``ftp''.
> Making this directory world-writable will
> open you to a variety of DoS attacks as
> well as being used for warez.

IMHO, you shouldn't use the `DoS attacks' or `warez' terms unless you explain them. Not everybody knows what a `DoS attack' or `warez' is.

Cyrille.

--
Cyrille Lefevre mailto:clefevre@citeweb.net

State Changed
From-To: open->closed

This is a duplicate of 30690; the changes it describes have been committed to -CURRENT and merged to -STABLE already. Thank you for your work in submitting this report.
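The report contrasts the old recommendation (~ftp/pub mode 777) with the proposed one (mode 700, owned by ftp). The following audit helper is an added example, not part of the report or of FreeBSD's ftpd: it finds world-writable directories under an anonymous-FTP root and checks whether a given directory has the locked-down mode. The directory names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Audit helpers for an anonymous-FTP tree (hypothetical, constructed example).
# The weakness in the old man page text: ~ftp/pub mode 777 lets any guest
# drop files there (disk-filling DoS, unwanted content). The fix proposed in
# the report is mode 700 owned by "ftp".

# Print every directory under $1 that is writable by "other" (world-writable),
# one per line, sorted. find -perm -0002 is POSIX and works on BSD and GNU.
find_world_writable_dirs() {
    find "$1" -type d -perm -0002 -print | sort
}

# First ten characters of the ls -ld line, e.g. "drwx------"
# (cut -c1-10 drops any trailing ACL/extended-attribute marker).
dir_mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Owner name of $1, third field of ls -ld.
dir_owner() {
    ls -ld "$1" | awk '{print $3}'
}

# Return 0 if $1 is a directory with mode 700 (owner rwx, nothing for
# group/other), which is what the report proposes for ~ftp/pub.
pub_is_locked_down() {
    [ "$(dir_mode_string "$1")" = "drwx------" ]
}

# Apply the proposed setting: mode 700 (chown to "ftp" is left to the admin,
# since the ftp user may not exist where this example is run).
remediate_pub() {
    chmod 700 "$1"
}

# Build a constructed sample tree: "pub" with the old 777 setting and
# "incoming" with the proposed 700 setting. Prints the tree root.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/pub" "$root/incoming"
    chmod 777 "$root/pub"        # the setting the old man page recommended
    chmod 700 "$root/incoming"   # the setting the report proposes
    printf '%s\n' "$root"
}
# Usage: root=$(make_sample_tree); find_world_writable_dirs "$root"; rm -rf "$root"
```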