Date: Sat, 05 Jan 2002 18:38:15 -0500 (EST) From: Mike Heffner <mheffner@novacoxmail.com> To: Riccardo Torrini <riccardo@torrini.org> Cc: freebsd-stable@FreeBSD.ORG, freebsd-current@FreeBSD.ORG Subject: RE: ftpd STOR and STOU work the same ? Message-ID: <XFMail.20020105183815.mheffner@novacoxmail.com> In-Reply-To: <XFMail.20020105230608.riccardo@torrini.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format
--_=XFMail.1.5.2.FreeBSD:20020105183815:186=_
Content-Type: text/plain; charset=us-ascii
On 05-Jan-2002 Riccardo Torrini wrote:
| On 05-Jan-2002 (19:47:53/GMT) Mike Heffner wrote:
|
|>> I noticed a strange behaviour, sending a file twice create
|>> version even if sunique is off, on all versions I can test.
|
|> This is intentional...
|
| This is black magic. I hate it. I hope this would be (soon)
| documented _OR_ make configurable.
| ...or at least tell me where I can un-patch myself ;)
Sure, it can be made configurable. Unfortunately, our current ftpd doesn't
support a config file like lukeftpd, or others, so it would have to be
implemented as a new argument.
The patch is simple, find the following code in ftpd.c, and just remove
the 'guest' in the first conditional.
void
store(name, mode, unique)
char *name, *mode;
int unique;
{
FILE *fout, *din;
struct stat st;
int (*closefunc) __P((FILE *));
if ((unique || guest) && stat(name, &st) == 0 &&
(name = gunique(name)) == NULL) {
LOGCMD(*mode == 'w' ? "put" : "append", name);
return;
}
...
|
|
|> If you need to upload, and overwrite a file, you might try
|> setting up a restricted user for this purpose, that only
|> has write access to a single directory.
|
| Why? Assume I have a very restricted /incoming dir (111) and
| one or two levels or restricted dir under that (.../foo/bar/)
| also with mode=111, and assume that a file named write-me is
| placed in that dir owned by anonimous, mode +w.
| Nothing can imagine files and dir if is unable to list them,
| so only authorized users or automatic robots can read/write
| under that deep path.
True, as long as the filename is not easily guessable, but it's still
security through obsecurity. ;)
|
| Assume also that I need 2^n (a very large number) different
| users to write on my ftp a sort of report, all the times with
| the same name. I can't delete/put because dir is not writable.
I don't quite follow this, do you have some other method involved to
move/copy the files to another location before the next user logs in and
overwrites the file?
|
| Do you think this is a 'too-crazy' request?
No, feel free to submit a patch.
Mike
--
Mike Heffner <mheffner@[acm.]vt.edu>
Fredericksburg, VA <mikeh@FreeBSD.org>
--_=XFMail.1.5.2.FreeBSD:20020105183815:186=_
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE8N45mFokZQs3sv5kRAmMVAJ0Vpnk6QpOgMEfCiuL1VblP++OH/QCeMhi/
M+hkhIWB+rCBaKQ4jgzrnKM=
=WHdI
-----END PGP SIGNATURE-----
--_=XFMail.1.5.2.FreeBSD:20020105183815:186=_--
End of MIME message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.20020105183815.mheffner>