> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Daniel Ouellet > Sent: Wednesday, June 29, 2005 9:34 PM > To: Roy Morris > Cc: [email protected] > Subject: Re: secure ftpd upload for specific file restricted by type? > > Roy Morris wrote: > > why not have a cron job that looks in a directory, and runs file(1) > > against it. parse the output and > > see if it's 'really' a pdf or not? .. if yes -> move it otherwise rm > the > > junk. Or I could be nuts once > > again :) > > > > I really wanted to avoid cronjob if possible. Yes it would work, but > it > might be the only way. Still I am trying to explore different ways, if > any obviously. > > Daniel
Maybe it's a dumb idea but.. I was thinking whether it would be doable to: 1. Record/cache the incoming ftp/ssh data upload (tcpdump?, proxy?) 2. Separate the want-to-be-uploaded data 3. Identify the data -magic numbers for pdf, sort of like in previously suggested file(1) command (http://filext.com/detaillist.php?extdetail=pdf&Submit3=Go%21)? -maybe there's something like: http://mark0.net/soft-onlinetrid-e.html that can be used? I mean the mail attachment types and extension forgeries can be pretty accurately pinpointed - the qmail-scanner (http://qmail-scanner.sourceforge.net/) like solution but applied to cached network traffic (?) 4. If the content is recognized as pdf then it is written down to the desired location. If it's not to dev/null Obviously there are issues to be taken into consideration like: how much traffic there would have to be recorded, is it even possible to get around the problem that the ssh/scp/sftp traffic is encrypted (how to read it), is the identification of format certain enough.. and probably more which I don't know about. Maybe there are some security factors that would render the idea useless - I'm not an expert, but then again if there are any possible security threats to the OpenBSD configuration/setup this is the group to ask about it, isn't it :]? Best Regards, T.W.
