as I previously reported to euro-coders, since I installed the wu-ftpd
version(s) which fixes the beta-18 hole, the good old ftponly hack
described at all pages stopped working (linux 2.0.34, originally redhat
5.0 but modified quite a lot. Yes, shell was in /etc/shells.)
Anyway, my guess was quite trivial, it probably required the shell to go
on forever just as the ssh-ftpd etc. So basicly, I decided that an
appropriate solution was to check if the shell is ftpd, otherwise
terminate.
So, this is my replacement/patch/whatever for a /bin/ftponly which does
allow ftponly, which the ones setup as described in various faq's on the
net failed. Comments are welcome.
This also forwarded to bugtraq. Perhaps a lowpriority, however if many
sites suddenly find their anomonous FTPs stop working that is a security
problem, as they may temporary downgrade or something equally bad.
---< cut here >
#!/bin/sh
#
# ftponly shell
# grepped = 1 means login is ftp. is this a good solution?
PID=$$
GREPPED=$( ps auxw | grep ftpd | grep -v grep | awk '{print $1}' | grep -c $PID )
# only used for text messages, kill it if you like.
WHOAMI=$(whoami)
if [ "$GREPPED" != "1" ]; then
echo "You're login appears to be none-ftp. bye bye $WHOAMI!"
exit 0
fi
# this is not really needed, but still...
if [ "$UID" = "0" ]; then
echo "Err... Sorry. UID 0 isn't nice!"
exit 0
fi
# debug message, not really shown to ftpusers anyway
echo "[FTPONLY] Login accepted. Welcome $WHOAMI!"
# loop forever. cons/pros ?
while [ "1" = "1" ] do; sleep 10; done
----< and paste? >
[email.ilove] ealliance$hotmail.com || 11a$gmx.net
[web.we.rock] http://194.236.13.242/11a/index.html
[web.we.rock] http://home.swipnet.se/~w-12702/11A/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:40:46 PDT