On Thu, Dec 29, 2011 at 04:17:04PM -0500, John Baldwin wrote:
> Presumably one could do a static ls. Even with the built-in ls we
> create a dummy passwd/group file for the anonymous chroot by default.
> I agree a built-in ls is strictly better, however. I would also be
> fine with removing all notion of execv for helper programs from ftpd
> and have it only ever use the built-in ls via ftpd_popen().

Don't think about our ftpd only. Other ones call date(1), tar(1), etc.

> However,
> I do think that this mostly falls down to creating "safe" chroot / jail
> areas rather than the OS being able to defend unsafe areas.

I agree. We can describe the safe way better in our documentation, but can't prevent foot shooting without a penalty for "good" admins. A bad example is M$ Windows, which tries to prevent foot shooting from _inside_ the system by greedy and annoying permanent antivirus monitoring.

--
http://ache.vniz.net/
