Date: Tue, 25 Mar 2003 06:00:26 -0800 (PST)
From: Yar Tikhiy <yar@FreeBSD.org>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/48784: No way to disable directory listings in ftpd
Message-ID: <200303251400.h2PE0QsE015001@freefall.freebsd.org>
The following reply was made to PR bin/48784; it has been noted by GNATS.

From: Yar Tikhiy <yar@FreeBSD.org>
To: Jeremy Prior <jez@chagford.netcraft.com>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/48784: No way to disable directory listings in ftpd
Date: Tue, 25 Mar 2003 16:53:40 +0300

Hi Jeremy,

First of all, I beg you to keep ``freebsd-gnats-submit@FreeBSD.org''
in Cc: when replying to a mail on a problem report. That is how
PR-related mailing is tracked and archived for reference. I've
resent your mail to the tracking system's address.

On Thu, Mar 20, 2003 at 08:39:03PM +0000, Jeremy Prior wrote:
> On Thu, 2003-03-20 at 17:07, Yar Tikhiy wrote:
> > Thanks for your bug report, but have you considered removing
> > "r" bits from a directory's permissions in order to prohibit
> > listing the directory?
>
> I considered it, but discounted it for three reasons:
>
>   1. The ftpd shares its directory tree with a webserver. (The idea
>      is that the users can access the same content either by ftp://
>      or http://);
>   2. I can't trust people adding content to the site to remember to
>      do this; and
>   3. One patch fixes both of these problems
>
> (I know allowing access to data via http and ftp isn't recommended, but
> this is an intranet site that is only used by a limited set of users -
> turning off directory listings is just to prevent people from
> `nosing-around' :-)
>
> > Our stock ftpd(8) is intended to be small and simple, so it
> > usually has no functionality that can be achieved by a way
> > common for the Unix environment.
>
> I understand that disabling directory listings doesn't increase security
> by much (if at all), but it solves the problem in our case. We've been
> running with it for over a year without a problem, so I thought I'd
> offer it to a wider audience.

Would you mind converting this option from build-time to run-time?
It would become handier then.
--
Yar