On Mon, May 03, 1999 at 08:11:00PM -0400, Gregory Newby wrote: > Workaround: > > wu-ftpd and variants that use files /etc/ftp* for configuration > can easily help protect you against the many recent variants that > exploit buffer overflows with MKDIR. All the varieties I've > seen require creating a directory or file - that's where the > overflow happens. > > In /etc/ftpaccess, you have the option to specify SNIP > mkdir no anonymous > upload no anonymous beware for Debian GnuLinux (my version is wu-2.4.2-academ[BETA-16]): the line mkdir... is silently ignored and has no effect and the line upload... has a completely different syntax: ``` upload <root-dir> <dirglob> <yes|no> <owner> <group> <mode> ["dirs"|"nodirs"] Define a directory with <dirglob> that permits or denies uploads. ''' a.m. -- Legal Warning: Anyone sending me unsolicited/commercial email WILL be charged a $100 proof-reading fee. Do NOT send junk email to me - consider this an official notice: "By US Code Title 47, Sec.227(a)(2)(B), a computer/modem/printer meets the definition of a telephone fax machine. By Sec.227(b)(1)(C), it is unlawful to send any unsolicited advertisement to such equipment. By Sec.227(b)(3)(C), a violation of the aforementioned Section is punishable by action to recover actual monetary loss, or $500, whichever is greater, for each violation."
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:45:19 PDT