Subject: uhhh.. OpenBSD was secure i thought?
To: None <current-users@NetBSD.ORG>
From: None <tooleym@Douglas.BC.CA>
List: current-users
Date: 11/14/1997 22:46:06

Go check out ftp.openbsd.org in /incoming/test

Is the way they've set up their incoming directory on purpose? So that
anyone can just come in and store files there?

Correct me if I'm wrong, but usually when this happens it's called a
misconfiguration and the ability to create directories in an open anonymous
ftp directory which is as fast as their machine is, is whipped closed as soon
as the (usually embarrassed) sysadmin finds out about it.

Ha ha ha.. and OpenBSD was bragging about how secure they are. Again, if
I'm not mistaken, here's the perfect example of the fact that no matter how
secure a system is supposed to be, if it's not admin'ed properly, it doesn't
matter.

Of course, maybe this open /incoming directory is there for easy
redistribution of certain source/fixes/whatever?

However, it's in quite a ripe position to be exploited by pie_rats as a fast
intermediary with a large storage capacity, is it not? A damn FAST
repository. I was dl'ing the latest OpenBSD release at nearly 50K/s at some
point.

Anyways, maybe someone can fill me in?

Marc
tooleym@douglas.bc.ca
--