Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 11 Oct 2002 14:45:09 -0400
From:      Erik Gault <e@gaultopia.org>
To:        Lyndon Nerenberg <lyndon@orthanc.ab.ca>
Subject:   Re: Questionable ISO modes on ftp2
Message-ID:  <20021011184509.GC29449@yttrium.gaultopia.org>
In-Reply-To: <200210110047.g9B0laqw008552@orthanc.ab.ca>
References:  <200210110047.g9B0laqw008552@orthanc.ab.ca>
next in thread | previous in thread | raw e-mail | index | archive | help 
mistake.  thanks for pointing it out =).

erik

On Thu, Oct 10, 2002 at 06:47:36PM -0600, Lyndon Nerenberg wrote:
> The permissions for the 4.7 i386 ISO images on ftp2 are:
> 
> 150 Opening ASCII mode data connection for '/bin/ls'.
> total 5487666
> -rw-rw-r--  1 root   65532  639729664 Oct  9 22:11 4.7-disc1.iso
> -rw-rw-r--  1 65532  65532  666075136 Oct  9 07:17 4.7-disc2.iso
> -rw-rw-r--  1 65532  65532  654835712 Oct  8 10:13 4.7-disc3.iso
> -rw-rw-r--  1 65532  65532  648937472 Oct  8 10:47 4.7-disc4.iso
> -rw-rw-r--  1 root   65532  198672384 Oct  9 23:07 4.7-mini.iso
> -rw-rw-r--  1 root   65532        274 Oct  9 23:19 CHECKSUM.MD5
> 226 Transfer complete.
> 
> These look a bit dangerous. While ftpd might be configured read-only,
> the non-root [gu]ids that have write access to the images make me
> nervous. So, this is a gentle nudge to the FTP site admins to take
> a look at the distribution files on your servers and make sure
> the permissions are reasonable (especially in light of the recent
> sendmail distributions compromise).
> 
> While trolling though some other servers, ftp9 shows:
> 
> -rw-rw-r--   1 ftpuser  ftpusers 639729664 Oct  9 17:11 4.7-disc1.iso
> -rw-rw-r--   1 ftpuser  ftpusers 666075136 Oct  9 02:17 4.7-disc2.iso
> -rw-rw-r--   1 ftpuser  ftpusers 654835712 Oct  8 05:13 4.7-disc3.iso
> -rw-rw-r--   1 ftpuser  ftpusers 648937472 Oct  8 05:47 4.7-disc4.iso
> -rw-rw-r--   1 ftpuser  ftpusers 198672384 Oct  9 18:07 4.7-mini.iso
> -rw-rw-r--   1 ftpuser  ftpusers       274 Oct  9 18:19 CHECKSUM.MD5
> 226 Listing completed.
> 
> So maybe the distribution files on ftp-master had mode 664 to begin
> with?
> 
> --lyndon
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hubs" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hubs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021011184509.GC29449>