Date: Thu, 10 Oct 2002 18:47:36 -0600 (MDT) From: Lyndon Nerenberg <lyndon@orthanc.ab.ca> To: hubs@freebsd.org Subject: Questionable ISO modes on ftp2 Message-ID: <200210110047.g9B0laqw008552@orthanc.ab.ca>
next in thread | raw e-mail | index | archive | help
The permissions for the 4.7 i386 ISO images on ftp2 are: 150 Opening ASCII mode data connection for '/bin/ls'. total 5487666 -rw-rw-r-- 1 root 65532 639729664 Oct 9 22:11 4.7-disc1.iso -rw-rw-r-- 1 65532 65532 666075136 Oct 9 07:17 4.7-disc2.iso -rw-rw-r-- 1 65532 65532 654835712 Oct 8 10:13 4.7-disc3.iso -rw-rw-r-- 1 65532 65532 648937472 Oct 8 10:47 4.7-disc4.iso -rw-rw-r-- 1 root 65532 198672384 Oct 9 23:07 4.7-mini.iso -rw-rw-r-- 1 root 65532 274 Oct 9 23:19 CHECKSUM.MD5 226 Transfer complete. These look a bit dangerous. While ftpd might be configured read-only, the non-root [gu]ids that have write access to the images make me nervous. So, this is a gentle nudge to the FTP site admins to take a look at the distribution files on your servers and make sure the permissions are reasonable (especially in light of the recent sendmail distributions compromise). While trolling though some other servers, ftp9 shows: -rw-rw-r-- 1 ftpuser ftpusers 639729664 Oct 9 17:11 4.7-disc1.iso -rw-rw-r-- 1 ftpuser ftpusers 666075136 Oct 9 02:17 4.7-disc2.iso -rw-rw-r-- 1 ftpuser ftpusers 654835712 Oct 8 05:13 4.7-disc3.iso -rw-rw-r-- 1 ftpuser ftpusers 648937472 Oct 8 05:47 4.7-disc4.iso -rw-rw-r-- 1 ftpuser ftpusers 198672384 Oct 9 18:07 4.7-mini.iso -rw-rw-r-- 1 ftpuser ftpusers 274 Oct 9 18:19 CHECKSUM.MD5 226 Listing completed. So maybe the distribution files on ftp-master had mode 664 to begin with? --lyndon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hubs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210110047.g9B0laqw008552>