Delegate creates directories writable for anyone

From: Olaf Seibert (rhialtoat_private)
Date: Wed Jul 21 1999 - 05:00:34 PDT


    On 30 June, I wrote (approximately) the following email to the author of
    Delegate, a multi-protocol proxy daemon (ftp, http, telnet, etc). So far
    I have received no reply, so now I'm posting here.
    
    The Delegate home page is at http://wall.etl.go.jp/delegate/ .
    
    Hello Yutaka Sato,
    
    I am starting to use your delegate proxy on NetBSD. I noticed that it
    creates lots of files and directories in the DGROOT directory that are
    writable for everybody. This is my configuration:
    
    -P21
    SERVER=ftp://ftp.[removed]
    PERMIT=[removed]
    DGROOT=/tmp/delegate
    OWNER=delegate
    
    Delegate is started from inetd.conf:
    
    ftp             stream  tcp     wait    delegate /usr/local/bin/delegated
            /usr/local/bin/delegated +=/etc/delegated.conf
    
    Output of ls -alR /tmp/delegate:
    
    total 14
    drwxrwxrwx  7 delegate  wheel  512 Jun 30 16:01 .
    drwxrwxrwt  4 root      wheel  512 Jun 30 16:07 ..
    drwxrwxrwx  5 delegate  wheel  512 Jun 30 16:01 act
    drwxrwxrwx  3 delegate  wheel  512 Jun 30 16:01 etc
    drwxrwxrwx  3 delegate  wheel  512 Jun 30 16:01 log
    drwxr-xr-x  3 delegate  wheel  512 Jun 30 16:06 tmp
    drwxrwxrwx  2 delegate  wheel  512 Jun 30 16:06 work
    
    [lots removed]
    
    delegate/tmp/resolvy/ab3f2cfb31e801face8fa9c06c38ab4b/byname:
    total 8
    drwxrwxrwx  2 delegate  wheel  512 Jun 30 16:01 .
    drwxrwxrwx  4 delegate  wheel  512 Jun 30 16:01 ..
    -rw-rw-rw-  1 delegate  wheel   50 Jun 30 16:01 09
    -rw-rw-rw-  1 delegate  wheel   49 Jun 30 16:01 12
    
    This is of course not good from a security viewpoint. Can you please fix
    this?
    
    Another thing: If I start delegate as root, and it changes to another
    user, some of these directories are made as root, and later delegate
    claims it cannot create some other files.
    
    Thank you in advance.
    -Olaf.
    --
    ___ Olaf 'Rhialto' Seibert - rhialtoat_private ---- Unauthorized duplication,
    \X/ .kun.nl ---- while sometimes necessary, is never as good as the real thing.
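
An added example, not part of the original message or of Delegate's code: a Python audit that walks a DGROOT-style tree and reports world-writable entries (sticky directories such as /tmp are not flagged) and entries not owned by the expected account, the two problems the message describes. The function names, the sample tree and the file name in it are constructed for illustration.

```python
import os
import stat
import tempfile

def check_entry(path, expected_uid=None):
    """Return (path, problem) tuples for one file or directory."""
    st = os.lstat(path)                      # lstat: never follow symlinks
    if stat.S_ISLNK(st.st_mode):
        return []                            # a symlink's own mode bits are not meaningful
    problems = []
    sticky_dir = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
    if st.st_mode & stat.S_IWOTH and not sticky_dir:
        problems.append("world-writable")
    if expected_uid is not None and st.st_uid != expected_uid:
        problems.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
    return [(path, p) for p in problems]

def audit_tree(root, expected_uid=None):
    """Check root and everything beneath it."""
    findings = check_entry(root, expected_uid)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            findings += check_entry(os.path.join(dirpath, name), expected_uid)
    return findings

def build_sample_tree(base):
    """Constructed sample tree using modes like those in the listing above."""
    root = os.path.join(base, "delegate")
    for rel, mode in (("", 0o777), ("act", 0o777), ("tmp", 0o755), ("work", 0o777)):
        path = os.path.join(root, rel)
        os.makedirs(path, exist_ok=True)
        os.chmod(path, mode)                 # chmod is not affected by the umask
    cache = os.path.join(root, "tmp", "byname-09")   # hypothetical file name
    with open(cache, "w") as f:
        f.write("constructed sample data\n")
    os.chmod(cache, 0o666)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        root = build_sample_tree(base)
        for path, problem in audit_tree(root, expected_uid=os.geteuid()):
            print(problem, os.path.relpath(path, base))
```

To audit a real installation, call audit_tree on the DGROOT directory with expected_uid set to the uid of the OWNER account.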
    


