Date: Sat, 27 Jan 2001 00:32:13 +0100
From: Roelof Osinga <roelof@nisser.com>
To: Tim McMillen <timcm@umich.edu>, Mike Meyer <mwm@mired.org>, "Albert D. Cahalan" <acahalan@cs.uml.edu>, questions@FreeBSD.ORG
Subject: incoming perms [was Re: OT: non-Unix ...]
Message-ID: <3A7208FD.B9C877F4@nisser.com>
References: <14957.31196.939559.889627@guru.mired.org> <14959.23870.728403.859934@guru.mired.org> <3A6F61DC.39E9CF0D@nisser.com> <01012419080209.24525@tim.elnsng1.mi.home.com> <3A71F92A.4F0CEA07@nisser.com>

Roelof Osinga wrote:
>
> Yes. With hindsight - and I got good hindsight! lots of practice -
> ...
> Now. What to do with all that egg on my face? Anybody fancy
> eggnog? <g,d&(keeping)r>

Well, looking back :), it wasn't so bad after all. More egg, more
eggnog, ... PARTY!! ;)

The reason I thought it so bad was in part that, somehow, I'd left
my (anonymous) FTP ./incoming directory writeable, on the major /home
partition and unchecked to boot. Result was that the /home partition
filled up for the second consecutive day. Thereby causing procmail to
deliver my mail into the regular mail file, thus greatly enhancing the
impression there was a runaway thread. Caused by yours truly, no less.

Now the question would be was there any great hole in the ftpd daemon
of late? uname -a gives:

    FreeBSD nisser.com 3.4-STABLE FreeBSD 3.4-STABLE #16: Sun Feb 13 14:51:41 CET 2000 toor@nisser.com:/usr/src/sys/compile/FORSETI i386

I know, I know, I should've upgraded long ago, as well as ...

Also, I checked various sources including Greg's Tome but could not
find a 'definitive' answer - probably because there is none - to the
question of whether or not 'drwxrwxrwt' looks like permissions *I* - in
contrast to some cracker - could've or would've given an incoming
directory?

I think it's reasonable to guess I could've and would've set the keep
bit. Would a cracker take the trouble? I haven't noticed anything but
for the filling up of those last and final 1 gig remaining, thereby
causing above-mentioned weird mail behavior. Couldn't find anything
amiss either. Except for an email someone posted in said incoming
directory, for Pete's sake!

Granted, being hacked/cracked would provide enough eggnog to throw one
humongous party. But even so, could it have been done using the 3.4
ftpd in a chrooted setting? Does it sound like it has indeed been done?

I do remember tinkering with it. Had to have the facility once for
communication with clients. Furthermore, I sure would not put it past
me to have forgotten all about it. Including closing, let alone
locking, the darned door!

Still, I am wondering. Mightily.

Roelof

PS it *is* a question, maybe it ought've been put to -security. Then
again, I'd forgotten I was subscribed to that one. Found 8,002 mails in
a ~26 MB or so mailbox. Brrr.

-- 
Home is where the (@) http://eboa.com/ is.
Nisser home -- http://nl.nisser.com/
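
An added example, not part of the original message: a Python check that walks an anonymous-FTP root, lists every world-writable directory with its mode string (such as the 'drwxrwxrwt' asked about above), and reports how many bytes it holds against the free space left on its filesystem. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_writable_dirs(ftp_root):
    """Return one record per world-writable directory under ftp_root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(ftp_root):
        st = os.lstat(dirpath)
        if not st.st_mode & stat.S_IWOTH:
            continue
        # Bytes held by regular files directly in or below this directory.
        used = 0
        for sub, _, files in os.walk(dirpath):
            for name in files:
                fst = os.lstat(os.path.join(sub, name))
                if stat.S_ISREG(fst.st_mode):
                    used += fst.st_size
        vfs = os.statvfs(dirpath)
        findings.append({
            "path": os.path.relpath(dirpath, ftp_root),
            "mode": stat.filemode(st.st_mode),          # e.g. drwxrwxrwt
            "sticky": bool(st.st_mode & stat.S_ISVTX),  # the trailing 't'
            "bytes_used": used,
            "fs_free_bytes": vfs.f_bavail * vfs.f_frsize,
        })
    return findings


def build_sample_tree():
    """Constructed sample layout: pub (mode 755) and incoming (mode 1777)."""
    root = tempfile.mkdtemp(prefix="ftproot-")
    os.mkdir(os.path.join(root, "pub"))
    os.chmod(os.path.join(root, "pub"), 0o755)
    incoming = os.path.join(root, "incoming")
    os.mkdir(incoming)
    os.chmod(incoming, 0o1777)
    with open(os.path.join(incoming, "upload.bin"), "wb") as fh:
        fh.write(b"\0" * 4096)
    return root


if __name__ == "__main__":
    for finding in audit_writable_dirs(build_sample_tree()):
        print(finding)
```

Run periodically against the real FTP root, the same records can feed an alert when bytes_used grows or fs_free_bytes drops below a chosen threshold.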