Date: Sun, 25 Aug 1996 18:49:11 -0500 (CDT) From: Jason Garman <garman@phs.k12.ar.us> To: questions@freebsd.org Subject: Automated ftpd setup in sysinstall: security hole Message-ID: <Pine.LNX.3.91.960825184437.24852A-100000@phs.k12.ar.us>
next in thread | raw e-mail | index | archive | help
After installing 2.1.5 and telling sysinstall to setup my anonymous ftp directories for me (the easy way out eh? :-)), I noticed that sysinstall makes /var/ftp/pub owned by _ftp_, not root like all of the other directories. Isn't this a major security hole? I just tried uploading a file to my /pub and then successfully deleted it, all from the anonymous account. Who would I report this to? security-officer? -- Jason Garman http://www.nesc.k12.ar.us/~garman/ Student, Eleanor Roosevelt High School garman@phs.k12.ar.us
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.91.960825184437.24852A-100000>