From owner-freebsd-security Wed Oct 11 18:54:32 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7]) by hub.freebsd.org (Postfix) with ESMTP id 78C4037B503 for ; Wed, 11 Oct 2000 18:54:29 -0700 (PDT) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id VAA405078 for ; Wed, 11 Oct 2000 21:54:28 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: References: Date: Wed, 11 Oct 2000 21:54:27 -0400 To: freebsd-security@FreeBSD.ORG From: Garance A Drosihn Subject: Re: setup anon-ftp without incoming directory Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 11:22 AM -0400 10/11/00, Garance A Drosihn wrote: >In that initial setup, it seems that you must have >some 'incoming' directory. I tried to leave that field >blank in the dialog, and I still got an 'incoming' >directory which was world writable. > >Usually I remember to go back and remove that, but I >forgot on some recent install (installing 'stable', >a few months ago). Have there been any changes to >the anon-ftp setup which would allow one to specify >NO incoming directory recently? I missed saying what was significant about this. On that install where I forgot to remove incoming, I later found that a few unknown persons had found the world- writable directory, and were using my disk for storage space. That had not been my intent... >If not, that might be a nice change to make... Which is to say, if someone blanks-out the field for an 'incoming' directory in the setup for anon-ftp, then there should be no world-writable directory created under ~ftp IMO. --- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message