[186] in linux-security and linux-alert archive


Re: Slackware

daemon@ATHENA.MIT.EDU (Sam Hartman)
Sun Mar 26 15:21:27 1995

Date: Sun, 26 Mar 1995 14:12:01 -0500
From: Sam Hartman <hartmans@MIT.EDU>
To: Elias Levy <elias@power.net>
CC: linux-security@tarsier.cv.nrao.edu
In-reply-to: "[185] in linux-security and linux-alert archive"

[mod: As always, replies to Sam, please. Can you post a summary, Sam? --okir]

	While we're on the subject of Slackware bugs, I've noticed
this being exploited on a system I help administer here at MIT, and
it's present in the current distributions.  First, enabled by default
and ~ftp/incoming is writable by user ftp.

	This is unfortunate, because the ftpd shipped with Slackware
supports site chmod.  If a group of friendly software distribution
experts want to borrow some of your diskspace, they generally do
something along the lines of creating ~ftp/incoming/.unreadable.  They
then chmod this directory (owned by ftp who created it) to 700.  The
user I was dealing with then created a directory name that was all
backspaces, and then set up a pirate files subtree under this new
directory.

	I really don't know of a secure way of setting up an incoming
directory for anonymous ftp with the Linux ftpd, as I can't figure out
how to disable site chmod or mkdir.

--Sam
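
A defender-side check for the pattern described in the message, as an added example that is not part of the original post: it walks an incoming directory and flags subdirectories that are hidden, named with non-printable characters, or closed to group and other. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def suspicious_reasons(name, mode):
    """Return the reasons a directory entry matches the pattern from the post."""
    reasons = []
    if name.startswith("."):
        reasons.append("hidden name")
    # Backspaces and other control characters, or a name that is only blanks
    if any(not ch.isprintable() for ch in name) or name.strip() == "":
        reasons.append("non-printable or blank name")
    # Mode 700 and similar: no permission bits for group or other
    if stat.S_ISDIR(mode) and stat.S_IMODE(mode) & 0o077 == 0:
        reasons.append("directory closed to group/other")
    return reasons

def audit_incoming(root):
    """Walk root; return sorted (relative path, reasons) for flagged directories."""
    findings = []
    for dirpath, dirnames, _files in os.walk(root):
        for name in dirnames:
            full = os.path.join(dirpath, name)
            reasons = suspicious_reasons(name, os.lstat(full).st_mode)
            if reasons:
                findings.append((os.path.relpath(full, root), reasons))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: one ordinary upload directory plus the layout from the post."""
    root = tempfile.mkdtemp(prefix="incoming-")
    for rel, mode in [("uploads", 0o755), (".unreadable", 0o700),
                      (os.path.join(".unreadable", "\b\b\b"), 0o755)]:
        path = os.path.join(root, rel)
        os.mkdir(path)
        os.chmod(path, mode)  # set explicitly so the umask does not matter
    return root

if __name__ == "__main__":
    # repr() keeps control characters visible instead of letting them erase output
    for path, reasons in audit_incoming(build_sample_tree()):
        print(repr(path), "->", ", ".join(reasons))
```

Run it as root or as the ftp user against the real incoming directory, since a mode 700 directory cannot be listed by other accounts.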

