Subject: Re: Securing Anonymous FTP Uploads
To: Curt Sampson <firstname.lastname@example.org>
From: Assar Westerlund <email@example.com>
Date: 03/29/1997 07:34:48
Curt Sampson <firstname.lastname@example.org> writes:
> > > * Disables the umask, chmod, delete and rmdir commands for anonymous
> > > users.
> > Yes, and mkdir should not be disabled. It makes it a lot easier if
> > R. Luser can put his gazillion different files in one directory.
> Not much point to this, since with a umask of 707 or 777, he won't
> be able to put anything into that directory, or even cd to it.
An explicit chmod is done after the mkdir for anonymous users.
> > Furthermore, anonymous users has restrictions on the filenames they
> > may create.
> I have no wish to put this in at all. Since the files can't be
> downloaded anyway, there's not much point in adding code like this.
It makes the mess you have to clean-up after warez-uploader somewhat
nicer and I don't see any reason that they have to be able to create
any filenames they like.