Bugtraq
mailing list archives
Re: Bad Advise
From: shipley () merde dis org (Evil Pete)
Date: Tue, 26 Jul 1994 16:01:14 -0700
Christopher W. Klaus wrote:
% Here is some advice from Sun that I highly recommend you DO NOT DO.
%
% Make the home directory owned by ``ftp'' and unwritable
% by anyone.
%
% I highly recommend you change that to owned by ``root''.
I was thinking about ownership of the whole ftp-tree by user `nobody'. Are
there any benefits to using `root' instead of `nobody'?
personally I have a dedicated ftp server that mounts the /ftp partition
via tcp-nfs as a readonly partition. (I only use tcp NFS because
they are more resistant to udp NFS attacks).
for those with suns I suppose you can use the loopback filesystem
and loopback mount the file system readonly then set the readonly mount as
the chroot for ftp as the readonly mount.
for example:
passwd:
ftp:*:12:11:FTP User Uid:/ftp:/no exist
fstab:
/dev/sd3d /home/ftp 4.2 rw,nosuid 1 3
/home/ftp /ftp lofs ro,nosuid,noquota 0 0
thus people that ftp will not be able to do anything to the partition
and yet users can add/delete/modify files.
WARNING: lofs has a security bug in SunOS 4.0.3 (fixed in 4.1 and higher)
that allowed root to delete any file even if the filesystem was
mounted readonly.
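
Added example, not part of the original message: a shell check that the ftp account's home directory is a separate mount carrying both ro and nosuid, run over constructed copies of the passwd and fstab entries shown above. The function names (ftp_home, mount_opts, check_ftp_mount, demo) are this example's own.

```shell
#!/bin/sh
# Added example: verify that the ftp account's home directory is a
# read-only, nosuid mount according to passwd- and fstab-format files.

# Print the home directory (field 6) of the given account.
ftp_home() {  # usage: ftp_home PASSWD_FILE [USER]
    awk -F: -v u="${2:-ftp}" '$1 == u { print $6; exit }' "$1"
}

# Print the option string (field 4) of the fstab entry mounted at DIR.
mount_opts() {  # usage: mount_opts FSTAB_FILE DIR
    awk -v d="$2" '$1 !~ /^#/ && $2 == d { print $4; exit }' "$1"
}

# Return 0 only if the ftp home is mounted with both ro and nosuid.
check_ftp_mount() {  # usage: check_ftp_mount PASSWD_FILE FSTAB_FILE
    home=$(ftp_home "$1")
    [ -n "$home" ] || { echo "no ftp account in $1"; return 2; }
    opts=$(mount_opts "$2" "$home")
    [ -n "$opts" ] || { echo "$home is not a separate mount in $2"; return 1; }
    rc=0
    for want in ro nosuid; do
        case ",$opts," in
            *",$want,"*) ;;
            *) echo "$home: missing mount option '$want' (has: $opts)"; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "$home: ok ($opts)"
    return "$rc"
}

# Constructed sample files, using the entries from the message.
demo() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' 'ftp:*:12:11:FTP User Uid:/ftp:/no exist' > "$tmp/passwd"
    printf '%s\n' '/dev/sd3d /home/ftp 4.2 rw,nosuid 1 3' \
                  '/home/ftp /ftp lofs ro,nosuid,noquota 0 0' > "$tmp/fstab"
    check_ftp_mount "$tmp/passwd" "$tmp/fstab" && rc=0 || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo
```

The check reads only the configuration files; comparing against the output of mount on the running host would confirm the options are actually in effect.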