Date:      Sun, 20 Jan 2002 03:30:02 -0800
From:      Alfred Perlstein <bright@mu.org>
To:        Aaron Smith <aaron-fbsd@mutex.org>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: ftpd patch that saves me a lot of hassle
Message-ID:  <20020120033002.C13686@elvis.mu.org>
In-Reply-To: <20020119122812.E909@gelatinous.com>; from aaron-fbsd@mutex.org on Sat, Jan 19, 2002 at 12:28:12PM -0800
References:  <20020119122812.E909@gelatinous.com>

* Aaron Smith <aaron-fbsd@mutex.org> [020119 12:29] wrote:
> I got sick of (presumably) warez people probing my anonymous ftp site and
> dropping all kinds of hard-to-delete trash in incoming, so I patched my
> ftpd to only allow directories to start with alphanumerics. There's
> probably a better solution, but this works for me so I figured I'd share.
> 
> Combining this with a umask that doesn't allow reading uploaded files keeps
> things reasonably well in hand.

This is cool, would be cooler if it was a regex or something to validate
the names passed in via a command line, also could be used to protect
against evil filenames. :)

> 
> --Aaron
> 
> 
> Index: ftpd.c
> ===================================================================
> RCS file: /usr/cvs/src/libexec/ftpd/ftpd.c,v
> retrieving revision 1.62.2.15
> diff -u -r1.62.2.15 ftpd.c
> --- ftpd.c	2001/12/18 18:35:55	1.62.2.15
> +++ ftpd.c	2002/01/19 09:47:42
> @@ -2216,6 +2216,12 @@
>  {
>  
>  	LOGCMD("mkdir", name);
> +
> +	if (!isalnum(*name)) {
> +		reply(521, "Bite me.");
> +		return;
> +	}
> +
>  	if (mkdir(name, 0777) < 0)
>  		perror_reply(550, name);
>  	else
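
Review bot: the added `isalnum(*name)` test looks only at the first byte of the whole argument, so it constrains the first path component and nothing after it: a later component such as the `.x` in `incoming/.x` is never examined, while any absolute path is refused because it begins with `/`. Check the first character after every `/` instead (or only the final component, if that is the intent), and pass `(unsigned char)*name` to `isalnum()`, since a plain `char` with the high bit set is undefined behaviour there. Nothing in the hunk limits the check to anonymous sessions, and `reply(521, "Bite me.")` gives the client no usable reason; a message that states the naming rule would be easier to support.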
> 

-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
 start asking why software is ignoring 30 years of accumulated wisdom.'
Tax deductible donations for FreeBSD: http://www.freebsdfoundation.org/
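
The regex-based validation suggested in the reply above, sketched as an added example; it is not code from this thread or from FreeBSD ftpd. The names `name_policy_init`, `name_allowed` and `DEFAULT_NAME_RE` and the default pattern are assumptions, and the check goes beyond the patch by testing every path component rather than only the first byte.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Assumed default: first char alphanumeric (the patch's rule), rest restricted. */
#define DEFAULT_NAME_RE "^[[:alnum:]][[:alnum:]._-]*$"

static regex_t name_re;

/* Compile the policy once at startup. Returns 0 on success. */
int name_policy_init(const char *pattern)
{
	return regcomp(&name_re, pattern, REG_EXTENDED | REG_NOSUB);
}

/* Return 1 if every non-empty '/'-separated component matches, else 0. */
int name_allowed(const char *path)
{
	char buf[1024], *comp, *next;
	size_t len = strlen(path);
	int seen = 0;

	if (len == 0 || len >= sizeof(buf))
		return 0;
	memcpy(buf, path, len + 1);
	for (comp = buf; comp != NULL; comp = next) {
		if ((next = strchr(comp, '/')) != NULL)
			*next++ = '\0';
		if (*comp == '\0')	/* leading, trailing or doubled '/' */
			continue;
		if (regexec(&name_re, comp, 0, NULL, 0) != 0)
			return 0;
		seen = 1;
	}
	return seen;
}

/* Constructed CLI: optional pattern in argv[1], names on stdin, one per line. */
int main(int argc, char **argv)
{
	char line[1024];
	if (name_policy_init(argc > 1 ? argv[1] : DEFAULT_NAME_RE) != 0)
		return 2;
	while (fgets(line, sizeof(line), stdin) != NULL) {
		line[strcspn(line, "\n")] = '\0';
		printf("%s\t%s\n", name_allowed(line) ? "allow" : "deny", line);
	}
	return 0;
}
```

With the default pattern, `.` and `..` components are refused as well, because they do not start with an alphanumeric character.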
