From wolfgang@wsrcc.com Tue Feb 24 17:57:41 1998
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id RAA10129 for ; Tue, 24 Feb 1998 17:57:41 -0500
Received: from c460058-a.frmt1.sfba.home.com by MIT.EDU with SMTP id AA16619; Tue, 24 Feb 98 17:57:39 EST
Received: (from wolfgang@localhost) by capsicum.wsrcc.com (8.8.8/8.8.8) id OAA29895; Tue, 24 Feb 1998 14:57:38 -0800 (PST)
Message-Id: <199802242257.OAA29895@capsicum.wsrcc.com>
Date: Tue, 24 Feb 1998 14:57:38 -0800 (PST)
From: Wolfgang Rupprecht
To: krb5-bugs@MIT.EDU
Subject: krb5 ftpd

>Number: 553
>Category: krb5-appl
>Synopsis: ftpd guest behavior
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: tlyu
>State: analyzed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Feb 24 17:58:01 EST 1998
>Last-Modified: Fri Sep 14 10:44:19 EDT 2001
>Originator: Wolfgang Rupprecht
>Organization:
-- Wolfgang Rupprecht http://www.wsrcc.com/wolfgang/ Never trust a program you don't have sources for.
>Release:
>Environment:
>Description:
Krb5 ftpd had two significant bugs that interact badly.

1) anon-ftp can create directories in ~/incoming. These directories are normal read/write directories that can be used as drop boxes for anonymous third parties.

2) the syslog-ing of anonymous ftp commands doesn't work. This allows the above folks to mostly evade detection.

-wolfgang
>How-To-Repeat:
>Fix:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->tlyu
Responsible-Changed-By: tlyu
Responsible-Changed-When: Tue Feb 24 21:45:08 1998
Responsible-Changed-Why:
Refiled
State-Changed-From-To: open-analyzed
State-Changed-By: tlyu
State-Changed-When: Tue Feb 24 21:45:26 1998
State-Changed-Why:
First part fixed.
src/gssftp/ftpd/ftpcmd.y 1.6

From: Tom Yu
To: wolfgang@wsrcc.com
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-appl/553: krb5 ftpd
Date: Tue, 24 Feb 1998 21:49:59 -0500

Thanks for the tip. We've fixed our sources to check certain commands (mkdir, rmdir, chmod, umask) against anonymous users. Adding verbose syslogging capabilities is not really on our priority list, though, as really people should be using wu-ftpd if they're running an anonymous ftp server. Granted, we do have a student who's working on adding gssapi authentication to wu-ftpd, though that is still not yet ready.

Arguably, we should emphasize in our documentation that our ftpd is not intended to be used with anonymous users.

---Tom

From: Wolfgang Rupprecht
To: Tom Yu
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-appl/553: krb5 ftpd
Date: Tue, 24 Feb 1998 22:46:55 -0800 (PST)

Tom Yu writes:
> We've fixed our sources to check certain commands (mkdir, rmdir,
> chmod, umask) against anonymous users. Adding verbose syslogging
> capabilities is not really on our priority list,

Actually, the last time I had a look at the code it seemed that there was logging in place that would do the trick. The problem was that the chroot seemed to clobber it. It wasn't immediately obvious what was wrong with it.

-wolfgang
--
Wolfgang Rupprecht http://www.wsrcc.com/wolfgang/
Never trust a program you don't have sources for.

>Unformatted:
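The guard Tom Yu describes in his reply (refusing mkdir, rmdir, chmod and umask to anonymous users), shown as an added C example. This is not the krb5-appl ftpd code and not the ftpcmd.y change referenced above; the struct, the verb tables, the reply texts and the audit-line format are assumptions made for this illustration. It also writes one audit line per command, guest or not, which is the visibility the first report says was missing.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not code from the krb5-appl ftpd. It models the guard
 * Tom Yu describes: the directory and mode commands are refused when the
 * session is an anonymous ("guest") login, and every command is written to
 * an audit line. The struct, the verb tables and the log format are
 * assumptions made for this example. */

struct ftp_session {
    int guest;          /* nonzero if the login was anonymous/ftp */
    const char *user;   /* login name, for the audit line */
    const char *host;   /* remote host, for the audit line */
};

/* Reply codes in the RFC 959 classes. */
enum { FTP_OK = 250, FTP_UNKNOWN = 500, FTP_DENIED = 550 };

/* Verbs this toy server understands at all (assumed subset). */
static const char *const known_verbs[] = {
    "USER", "PASS", "CWD", "PWD", "LIST", "NLST", "RETR", "STOR",
    "DELE", "MKD", "XMKD", "RMD", "XRMD", "SITE", "QUIT", NULL
};

/* Verbs (top level or SITE sub-verb) a guest must never execute: each one
 * would let an anonymous client create or open up a writable drop box. */
static const char *const guest_denied[] = {
    "MKD", "XMKD", "RMD", "XRMD", "CHMOD", "UMASK", NULL
};

/* Copy the next blank-delimited token of src into dst, upper-cased, and
 * return a pointer to where the following token starts. */
static const char *next_token(const char *src, char *dst, size_t n)
{
    size_t i = 0;
    while (*src == ' ' || *src == '\t')
        src++;
    while (*src && !strchr(" \t\r\n", *src)) {
        if (i + 1 < n)
            dst[i++] = (char)toupper((unsigned char)*src);
        src++;
    }
    dst[i] = '\0';
    return src;
}

static int in_list(const char *const *list, const char *verb)
{
    for (; *list; list++)
        if (strcmp(*list, verb) == 0)
            return 1;
    return 0;
}

/* Handle one control-connection line. Writes the reply text to reply and
 * the audit line to audit; returns the numeric reply code. The file-system
 * work itself is omitted: the point is that the guest check runs before
 * any side effect, and that the audit line is produced whatever the outcome. */
int ftp_dispatch(const struct ftp_session *s, const char *line,
                 char *reply, size_t reply_len, char *audit, size_t audit_len)
{
    char verb[16], sub[16] = "";
    const char *rest = next_token(line, verb, sizeof verb);
    const char *checked = verb;
    int code;

    if (strcmp(verb, "SITE") == 0) {      /* SITE CHMOD, SITE UMASK, ... */
        next_token(rest, sub, sizeof sub);
        checked = sub;
    }

    if (!in_list(known_verbs, verb))
        code = FTP_UNKNOWN;
    else if (s->guest && in_list(guest_denied, checked))
        code = FTP_DENIED;                /* refused before touching the fs */
    else
        code = FTP_OK;

    snprintf(reply, reply_len, "%d %s", code,
             code == FTP_OK     ? "Command okay." :
             code == FTP_DENIED ? "Permission denied." :
                                  "Command not understood.");
    snprintf(audit, audit_len, "%s%s@%s: %s%s%s -> %d",
             s->guest ? "guest " : "", s->user, s->host,
             verb, sub[0] ? " " : "", sub, code);
    return code;
}

int main(void)
{
    /* Constructed sample session: an anonymous client trying to make a
     * drop box under incoming, which is the first bug in the report. */
    struct ftp_session guest = { 1, "anonymous", "client.example" };
    char reply[64], audit[128];

    ftp_dispatch(&guest, "MKD incoming/dropbox\r\n", reply, sizeof reply,
                 audit, sizeof audit);
    printf("%s\n%s\n", reply, audit);
    return 0;
}
```

The check is keyed on the session's guest flag, not on the pathname, so it also covers the XMKD/XRMD spellings and the SITE sub-commands that reach the same code paths. On the logging half of the report, the thread does not say what clobbered the logging, so the following is a general caveat rather than a diagnosis of krb5 ftpd: syslog(3) connects to /dev/log lazily unless openlog() is given LOG_NDELAY, so a daemon that calls chroot() before its first syslog() silently loses every line if the jail has no /dev/log; calling openlog(ident, LOG_PID | LOG_NDELAY, LOG_FTP) before chroot() avoids that.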