Great Circle Associates Firewalls
(February 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: re:ftpd & passwd files.
From: Ray Hunter ECD <RHUNTER%ESOC . BITNET @ vm . gmd . de>
Date: Thu, 3 Feb 94 17:58:12 CET
To: <Firewalls @ GreatCircle . COM>
Comments: Converted from PROFS to RFC822 format by PUMP V2.2X

Thanks for the replies about ~ftp/passwd files.

To summarise it looks like I have at least 2 choices:

1) try to customize the WUarchive version of FTPD to run a little
neater under a chrooted environment created by TIS netacl (e.g. there's
a few PATH defs in the tools that assume the ftpcount & ftpshut
are running from the same root point as the ftpd).

I don't think I'd do the second chroot for anonymous users to a seperate area.
(simply by having the ftp entry something like ftp:*:x:x:/:/bin/noshell)

I would then use mjr's code as a basis for stopping access to ~ftp/etc/passwd
(remembering that this file IS actually used by the WU FTPD for ftp USER
commands)

I also quite like the suggestion of sending a spoof file quietly.


2) Use the TIS shipped FTPD together with AUTHD to give me the chrooted
environment I want, and try to add in some of the features I like about
the WU FTPD that way.

This seems the most flexible approach, as a lot of the options I want
are to do with access, which I can implement in Authd & Netacl without
me screwing up the rather larger FTPD code.

e.g. There's no need for the 'class' features of WU FTPD, as you can
simply start up a totally different version of the daemon from Netacl.

I do not think I will attempt the Network Flamethrower suggested by
Michael Nittman. I may burn myself accidentally.

Comments anyone?

Of course all this is IMVHO. ;-)

______________________RHUNTER @
 ESOC .
 BITNET________________________
Ray Hunter: Cray Systems on contract to the European Space Agency
Tel. +49 6151 902953                          FAX.+49 6151 902908
Room B107, ESOC, Robert Bosch Strasse 5, 64293 DARMSTADT, Germany

Indexed By Date Previous: Re: NFS mounts
From: "Michael Nittmann, Principal Communications Analyst, The Trane Company (608 787 3792)" <NITTMANN @ UWLAX . EDU>
Next: Re: NFS mounts
From: robert @ puente . jpl . nasa . gov (Robert Angelino)
Indexed By Thread Previous: Re: NFS mounts
From: smb @ research . att . com
Next: Re: manufacturer's codes for Ethernet controllers
From: pascal @ netcom . com (Conan)

Google
 
Search Internet Search www.greatcircle.com