[TriLUG] minimal ftp host

Ryan Leathers ryan.leathers at globalknowledge.com
Fri Jun 27 16:53:42 EDT 2003


Two other things to consider...

The combination of the ability to execute and the rights of the executor
are obviously a danger - even when the user can't write files or make
directories.  That's why the chroot and ftpsecure stuff built into
vsftpd which Jon mentioned earlier is so neat.

Passive FTP access allows connections to a range of high ports at best -
to everything at worst.  This alone opens the door to further mischief.

Ryan

On Fri, 2003-06-27 at 16:09, Christopher L Merrill wrote:
> Jon Carnes wrote:
> > The real key here is to limit anonymous uploads to a small partition
> > (well make it large enough to suit your needs...).  The partition should
> > be a stand-alone one.
> 
> I'm curious about some of the security problems with FTP.  Is 'anonymous
> FTP' dangerous only when users can _upload_ files?  I'd like to enable
> FTP, but only for 2 uses:
> 1) efficient downloading of files (linked from my website)
> 2) normal login - for ME to update my website
> I have no need for anonymous users to _upload_ files to my server.
> 
> Do the same security concerns apply when used in this way?
> IIRC, the RH9 that I just installed came with VSftp...can I enable just
> this type of access with VSftp or should I consider another FTP server?
> 
> TIA,
> Chris
-- 
Ryan Leathers <ryan.leathers at globalknowledge.com>
Global Knowledge
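
Added example, not part of the original message: a small Python check of a vsftpd.conf for the points raised in this thread (anonymous write access, chroot for local logins, the passive port range). The option names and defaults are vsftpd's documented ones; the sample configurations and the 100-port threshold are constructed for illustration.

```python
# Added example. DEFAULTS are vsftpd's built-in values per vsftpd.conf(5).
DEFAULTS = {
    "anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO", "chroot_local_user": "NO",
    "pasv_enable": "YES", "pasv_min_port": "0", "pasv_max_port": "0",
}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")

# Constructed sample configs (not from the thread).
WEAK = "anonymous_enable=YES\nlocal_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\n"
DOWNLOAD_ONLY = """\
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=NO
chroot_local_user=YES
pasv_min_port=50000
pasv_max_port=50050
"""

def parse(text):
    """Overlay option=value lines on the defaults; '#' lines are comments."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def audit(text, max_pasv_ports=100):
    """Return findings; chroot_list_enable exceptions are not modelled."""
    conf, findings = parse(text), []
    on = lambda opt: conf[opt].upper() == "YES"
    if on("anonymous_enable") and on("write_enable"):
        findings += [f"{o}=YES: anonymous users can change files" for o in ANON_WRITE if on(o)]
    if on("local_enable") and not on("chroot_local_user"):
        findings.append("chroot_local_user=NO: local logins are not confined to their home directory")
    if on("pasv_enable"):
        lo, hi = int(conf["pasv_min_port"]), int(conf["pasv_max_port"])
        if lo == 0 or hi == 0:
            findings.append("pasv port range unset: firewall must admit all high ports")
        elif hi - lo + 1 > max_pasv_ports:
            findings.append(f"pasv range {lo}-{hi} is wider than {max_pasv_ports} ports")
    return findings
if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("DOWNLOAD_ONLY", DOWNLOAD_ONLY)):
        print(name, audit(conf) or "no findings")
```
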