Debian, Re: wuftp2.4.2academ beta 12-18 exploit

From: A Mennucc1 (msmat_private)
Date: Fri May 07 1999 - 04:25:11 PDT


    On Mon, May 03, 1999 at 08:11:00PM -0400, Gregory Newby wrote:
    > Workaround:
    >
    > wu-ftpd and variants that use files /etc/ftp* for configuration
    > can easily help protect you against the many recent variants that
    > exploit buffer overflows with MKDIR.  All the varieties I've
    > seen require creating a directory or file - that's where the
    > overflow happens.
    >
    > In /etc/ftpaccess, you have the option to specify SNIP
    > mkdir           no              anonymous
    > upload          no              anonymous
    
    Beware on Debian GNU/Linux
    (my version is wu-2.4.2-academ[BETA-16]):
    the line mkdir... is silently ignored and has no effect,
    and the line upload... has a completely different syntax:
    ```
    upload  <root-dir>  <dirglob>  <yes|no>  <owner>  <group>
            <mode> ["dirs"|"nodirs"]
            Define  a  directory  with  <dirglob> that permits or
            denies uploads.
    ```
    
    a.m.
    --
    Legal Warning: Anyone sending me unsolicited/commercial email WILL be charged
    a $100 proof-reading fee.  Do NOT send junk email to me - consider this an
    official notice:
    
    "By US Code Title 47, Sec.227(a)(2)(B), a computer/modem/printer meets the
     definition of a telephone fax machine.  By Sec.227(b)(1)(C), it is unlawful
     to send any unsolicited advertisement to such equipment.  By Sec.227(b)(3)(C),
     a violation of the aforementioned Section is punishable by action to recover
     actual monetary loss, or $500, whichever is greater, for each violation."
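
An added example, not part of the original message and not wu-ftpd code: a small audit that reads ftpaccess text and reports `mkdir` lines (ignored on the build described above) and `upload` lines that do not fit the quoted synopsis. The function names and the sample file are constructed; treating `#` lines as comments and letting a `no` line omit owner, group and mode are assumptions.

```python
# Added example: audit ftpaccess text against the upload synopsis quoted above.
SAMPLE = """\
# constructed sample, not from a real host
mkdir           no              anonymous
upload          no              anonymous
upload  /home/ftp  *          no
upload  /home/ftp  /incoming  yes  ftp  daemon  0666  nodirs
"""

def check_upload(args):
    """Classify the fields that follow the 'upload' keyword."""
    if len(args) < 3 or args[2] not in ("yes", "no"):
        return "malformed", "expected <root-dir> <dirglob> <yes|no> ..."
    root, dirglob, allow = args[:3]
    if allow == "no":
        # Assumption: a deny line may omit <owner> <group> <mode>.
        return "deny", f"uploads denied for {dirglob} under {root}"
    rest = args[3:]
    if len(rest) < 3:
        return "malformed", "a yes line needs <owner> <group> <mode>"
    mode = rest[2]
    if any(c not in "01234567" for c in mode):
        return "malformed", f"mode {mode!r} is not octal"
    dirs = rest[3] if len(rest) > 3 else None
    if dirs not in ("dirs", "nodirs", None):
        return "malformed", f"unexpected field {dirs!r}"
    return "allow", (f"uploads allowed for {dirglob} under {root}, "
                     f"directory creation: {dirs or 'unspecified'}")

def audit_ftpaccess(text):
    """Return (line_no, status, detail) for every mkdir/upload line."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):  # blank or comment line
            continue
        if fields[0] == "mkdir":
            findings.append((no, "ignored",
                             "mkdir has no effect on the build described in the post"))
        elif fields[0] == "upload":
            findings.append((no, *check_upload(fields[1:])))
    return findings

if __name__ == "__main__":
    for no, status, detail in audit_ftpaccess(SAMPLE):
        print(f"line {no}: {status:9} {detail}")
```
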
    


