RE: ftpd STOR and STOU work the same ?

2002-01-05 Thread Mike Heffner


On 05-Jan-2002 Riccardo Torrini wrote:
| On 05-Jan-2002 (19:47:53/GMT) Mike Heffner wrote:
| 
|>> I noticed a strange behaviour, sending a file twice creates a
|>> version even if sunique is off, on all versions I can test.
| 
|> This is intentional...
| 
| This is black magic.  I hate it.  I hope this would be (soon)
| documented _OR_ made configurable.
| ...or at least tell me where I can un-patch myself  ;)

Sure, it can be made configurable. Unfortunately, our current ftpd doesn't
support a config file like lukeftpd, or others, so it would have to be
implemented as a new argument.

The patch is simple, find the following code in ftpd.c, and just remove
the 'guest' in the first conditional.

void
store(name, mode, unique)
	char *name, *mode;
	int unique;
{
	FILE *fout, *din;
	struct stat st;
	int (*closefunc) __P((FILE *));

	if ((unique || guest) && stat(name, &st) == 0 &&
	    (name = gunique(name)) == NULL) {
		LOGCMD(*mode == 'w' ? "put" : "append", name);
		return;
	}
	...

 

| 
| 
|> If you need to upload, and overwrite a file, you might try
|> setting up a restricted user for this purpose, that only
|> has write access to a single directory.
| 
| Why?  Assume I have a very restricted /incoming dir (111) and
| one or two levels of restricted dir under that (.../foo/bar/)
| also with mode=111, and assume that a file named write-me is
| placed in that dir owned by anonymous, mode +w.
| Nothing can imagine files and dir if is unable to list them,
| so only authorized users or automatic robots can read/write
| under that deep path.

True, as long as the filename is not easily guessable, but it's still
security through obscurity. ;)

| 
| Assume also that I need 2^n (a very large number) different
| users to write on my ftp a sort of report, all the times with
| the same name.  I can't delete/put because dir is not writable.

I don't quite follow this, do you have some other method involved to
move/copy the files to another location before the next user logs in and
overwrites the file?

| 
| Do you think this is a 'too-crazy' request?

No, feel free to submit a patch.


Mike

-- 
  Mike Heffner 
  Fredericksburg, VA   <[EMAIL PROTECTED]>
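
The overwrite rule in the store() excerpt above, as an added example that is not part of the original message or of FreeBSD's ftpd: guest and unique uploads never replace an existing file, and the configurable switch discussed in the thread is modelled as a hypothetical allow_overwrite parameter. It creates files with O_EXCL (a swapped-in technique; the excerpt uses stat() and gunique()), and the ".N" suffix scheme and /tmp scratch path are assumptions.

```c
/* Added example, not FreeBSD ftpd source. open_upload() and its
 * allow_overwrite switch are hypothetical names. */
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Open the upload target; the name actually used is copied to out.
 * unique: STOU-style request; guest: anonymous session. */
int
open_upload(const char *name, int unique, int guest, int allow_overwrite,
    char *out, size_t outlen)
{
	int fd, n;
	if (strlen(name) + 4 > outlen)	/* need room for ".NN" and NUL */
		return (-1);
	strcpy(out, name);
	if (!unique && (!guest || allow_overwrite))	/* plain STOR replaces */
		return (open(out, O_WRONLY | O_CREAT | O_TRUNC, 0644));
	/* Never replace: O_EXCL makes existence check and create one step. */
	fd = open(out, O_WRONLY | O_CREAT | O_EXCL, 0644);
	for (n = 1; fd < 0 && errno == EEXIST && n < 100; n++) {
		snprintf(out, outlen, "%s.%d", name, n);
		fd = open(out, O_WRONLY | O_CREAT | O_EXCL, 0644);
	}
	return (fd);
}

/* Upload "report" twice in a scratch directory: 1 if the second upload
 * was renamed (first file kept), 0 if it replaced it, -1 on error. */
int
second_upload_renamed(int unique, int guest, int allow_overwrite)
{
	char dir[64], path[96], a[128] = "", b[128] = "";
	int fd1, fd2;
	snprintf(dir, sizeof(dir), "/tmp/stor-demo.%ld", (long)getpid());
	if (mkdir(dir, 0700) < 0)
		return (-1);
	snprintf(path, sizeof(path), "%s/report", dir);
	fd1 = open_upload(path, unique, guest, allow_overwrite, a, sizeof(a));
	fd2 = open_upload(path, unique, guest, allow_overwrite, b, sizeof(b));
	close(fd1); close(fd2);
	unlink(a); unlink(b); rmdir(dir);	/* remove the scratch files */
	return ((fd1 < 0 || fd2 < 0) ? -1 : strcmp(a, b) != 0);
}

int main(void)
{
	printf("guest re-upload renamed: %d\n", second_upload_renamed(0, 1, 0));
}
```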






RE: ftpd STOR and STOU work the same ?

2002-01-05 Thread Riccardo Torrini

On 05-Jan-2002 (19:47:53/GMT) Mike Heffner wrote:

>> I noticed a strange behaviour, sending a file twice creates a
>> version even if sunique is off, on all versions I can test.

> This is intentional...

This is black magic.  I hate it.  I hope this would be (soon)
documented _OR_ made configurable.
...or at least tell me where I can un-patch myself  ;)


> If you are running an anonymous file drop, you don't want
> guest users to be able to overwrite the files of others...

I'm over 18 (really 36 :-).  I would like to decide myself.
I lost two weeks trying to figure why it doesn't work.


> If you need to upload, and overwrite a file, you might try
> setting up a restricted user for this purpose, that only
> has write access to a single directory.

Why?  Assume I have a very restricted /incoming dir (111) and
one or two levels of restricted dir under that (.../foo/bar/)
also with mode=111, and assume that a file named write-me is
placed in that dir owned by anonymous, mode +w.
Nothing can imagine files and dir if is unable to list them,
so only authorized users or automatic robots can read/write
under that deep path.  Are you following me?

Assume also that I am in my home, with my local lan isolated
from internet or at work (same as above because ftp is _only_
an internal service).

Assume also that I need 2^n (a very large number) different
users to write on my ftp a sort of report, all the times with
the same name.  I can't delete/put because dir is not writable.

Do you think this is a 'too-crazy' request?


> Mike

Thanks for your time,
Riccardo.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message



RE: ftpd STOR and STOU work the same ?

2002-01-05 Thread Mike Heffner


On 04-Jan-2002 Riccardo Torrini wrote:
| On 29-Dec-2001 (16:49:06/GMT) Riccardo Torrini wrote:
| 
|> I noticed a strange behaviour, sending a file twice creates a
|> version even if sunique is off, on all versions I can test.
| 
|> This includes:
|> - FreeBSD 5.0-CURRENT #0: Sun Dec  9 08:37:55 CET 2001
|> - FreeBSD 4.4-STABLE #6: Fri Oct 12 21:44:36 CEST 2001
|> - FreeBSD 4.5-PRERELEASE #0: Fri Dec 28 18:47:34 CET 2001
|> all updated with cvsup and a fresh installed 4.2 from cdrom:
|> - FreeBSD 4.2-RELEASE #0: Mon Nov 20 13:02:55 GMT 2000
| 
| Also tested on other versions on the same range (4.2 - 5.0)
| and noticed that happens only with anonymous (ftp) user but
| _not_ with regular users.  Hope this can help...
| 
| Tried with /etc/inetd.conf standard config where ftpd runs
| with -l and with my own custom -llSA, the same.
| Tried from local (ftp localhost) and from remote machine, even
| with another OS (hpux and openbsd).  The same.  I'm really sad.
| I'm (pretty) sure isn't a 'pilot-error'.  Please confirm this...
| 
| Thanks again.
| 


This is intentional. If you are running an anonymous file drop, you don't
want guest users to be able to overwrite the files of others. If you need
to upload, and overwrite a file, you might try setting up a restricted
user for this purpose, that only has write access to a single directory.

Mike

-- 
  Mike Heffner 
  Fredericksburg, VA   <[EMAIL PROTECTED]>






RE: ftpd STOR and STOU work the same ?

2002-01-04 Thread Riccardo Torrini

On 29-Dec-2001 (16:49:06/GMT) Riccardo Torrini wrote:

> I noticed a strange behaviour, sending a file twice creates a
> version even if sunique is off, on all versions I can test.

> This includes:
> - FreeBSD 5.0-CURRENT #0: Sun Dec  9 08:37:55 CET 2001
> - FreeBSD 4.4-STABLE #6: Fri Oct 12 21:44:36 CEST 2001
> - FreeBSD 4.5-PRERELEASE #0: Fri Dec 28 18:47:34 CET 2001
> all updated with cvsup and a fresh installed 4.2 from cdrom:
> - FreeBSD 4.2-RELEASE #0: Mon Nov 20 13:02:55 GMT 2000

Also tested on other versions on the same range (4.2 - 5.0)
and noticed that happens only with anonymous (ftp) user but
_not_ with regular users.  Hope this can help...

Tried with /etc/inetd.conf standard config where ftpd runs
with -l and with my own custom -llSA, the same.
Tried from local (ftp localhost) and from remote machine, even
with another OS (hpux and openbsd).  The same.  I'm really sad.
I'm (pretty) sure isn't a 'pilot-error'.  Please confirm this...

Thanks again.


Riccardo.

PS: For those which missed original message here is an archived
copy (sorry, long line):
http://www.GUFI.org/ricerca.php3?mode=show&id=ml:freebsd-current:192316
