As I previously reported to euro-coders, since I installed the wu-ftpd version(s) which fix the beta-18 hole, the good old ftponly hack described at all pages stopped working (Linux 2.0.34, originally Red Hat 5.0 but modified quite a lot. Yes, shell was in /etc/shells.)

Anyway, my guess was quite trivial, it probably required the shell to go on forever just as the ssh-ftpd etc. So basically, I decided that an appropriate solution was to check if the shell is ftpd, otherwise terminate.

So, this is my replacement/patch/whatever for a /bin/ftponly which does allow ftponly, which the ones set up as described in various FAQs on the net failed. Comments are welcome.

This is also forwarded to bugtraq. Perhaps a low priority, however if many sites suddenly find their anonymous FTPs stop working that is a security problem, as they may temporarily downgrade or something equally bad.

---< cut here >
#!/bin/sh
#
# ftponly shell
# grepped = 1 means login is ftp. is this a good solution?
PID=$$
# column 2 of `ps auxw` output is the PID (column 1 is the user name)
GREPPED=$( ps auxw | grep ftpd | grep -v grep | awk '{print $2}' | grep -c "$PID" )
# only used for text messages, kill it if you like.
WHOAMI=$(whoami)
if [ "$GREPPED" != "1" ]; then
    echo "You're login appears to be none-ftp. bye bye $WHOAMI!"
    exit 0
fi
# this is not really needed, but still...
# (id -u is used because $UID is set by bash but not by every /bin/sh)
if [ "$(id -u)" = "0" ]; then
    echo "Err... Sorry. UID 0 isn't nice!"
    exit 0
fi
# debug message, not really shown to ftpusers anyway
echo "[FTPONLY] Login accepted. Welcome $WHOAMI!"
# loop forever. cons/pros ?
while [ "1" = "1" ]
do sleep 10; done
----< and paste? >

[email.ilove] ealliance$hotmail.com || 11a$gmx.net
[web.we.rock] http://194.236.13.242/11a/index.html
[web.we.rock] http://home.swipnet.se/~w-12702/11A/
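
An added example (not part of the original post): a `ps | grep ftpd | grep -c PID` style of check counts substring matches, so an unrelated process can satisfy it. The sketch below compares that with an exact match on the PID column and the command name, run over constructed `ps auxw` lines; the sample rows, the function names and the assumption that COMMAND starts at field 11 are illustrative.

```shell
#!/bin/sh
# Added example: loose vs. exact matching of a PID against ftpd rows.
# SAMPLE_PS is constructed data in `ps auxw` layout, not captured from a host.
SAMPLE_PS='USER       PID %CPU %MEM   VSZ  RSS TTY STAT START   TIME COMMAND
root       312  0.0  0.4  1100  520 ?   S    10:01   0:00 inetd
alice     4120  0.0  0.6  1500  800 ?   S    10:05   0:00 ftpd: host.example: alice: IDLE
bob        412  0.0  0.5  1300  700 p1  S    10:06   0:00 vi ftpd-notes.txt
carol      500  0.0  0.5  1300  700 p2  S    10:07   0:00 -bash'

# loose_count PID (hypothetical helper): substring pipeline.
# "grep ftpd" matches any row mentioning ftpd anywhere, and
# "grep -c PID" matches any PID that merely contains the digits.
loose_count() {
    printf '%s\n' "$SAMPLE_PS" | grep ftpd | grep -v grep |
        awk '{print $2}' | grep -c "$1"
}

# exact_count PID (hypothetical helper): the PID column must equal PID and
# the command name (field 11, assumed layout) must be exactly "ftpd".
exact_count() {
    printf '%s\n' "$SAMPLE_PS" | awk -v pid="$1" '
        NR > 1 && $2 == pid {
            cmd = $11
            sub(/:$/, "", cmd)       # drop the trailing colon of a process title
            sub(/^.*\//, "", cmd)    # drop any leading directory
            if (cmd == "ftpd") n++
        }
        END { print n + 0 }'
}

# PID 412 belongs to an editor whose arguments mention "ftpd".
echo "loose match for 412:  $(loose_count 412)"
echo "exact match for 412:  $(exact_count 412)"
echo "exact match for 4120: $(exact_count 4120)"
```
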
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:40:46 PDT