[comp.sys.apollo] Anonymous ftp on Apollo - How ??

jesper@hpucph.dmk.hp.com (Jesper Halding) (12/19/90)

I need some help concerning anonymous ftp on Apollo SR10. Thanks.
                    Jesper Halding

mike@tuvie.UUCP (Inst.f.Techn.Informatik) (12/27/90)

In article <16180002@hpucph.dmk.hp.com> jesper@hpucph.dmk.hp.com (Jesper Halding) writes:
>I need some help concerning anonymous ftp on Apollo SR10. Thanks.
>                    Jesper Halding

All of those who are frustrated by the fact that the Apollo ftpd cannot
support anonymous ftp may want to file a bug report. - I filed one
about three months ago, I received snail today that my "APR did not
contain sufficient detailed information to reproduce the problem" - the
more people complain, the higher is the chance that this will be fixed,
you may want to refer to my APR, it's APR ID 785c08e4 - complain! It seems
that HP is starting to listen to us frustrated Apollo-turned-HP
customers, after they've probably lost half their customers in 1.5 yrs
(what a feat! ;-) 

				bye,
					mike


Michael K. Gschwind, Institute for VLSI-Design, Vienna University of Technology
mike@vlsivie.tuwien.ac.at	1-2-3-4 kick the lawsuits out the door 
mike@vlsivie.uucp		5-6-7-8 innovate don't litigate         
e182202@awituw01.bitnet		9-A-B-C interfaces should be free
Voice: (++43).1.58801 8144	D-E-F-O look and feel has got to go!
Fax:   (++43).1.569697       

paul@CAEN.ENGIN.UMICH.EDU (Paul Killey) (12/28/90)

anonymous ftp not only lets people access your system with
the user name 'anonymous', it also uses the chroot() call
to make the rest of the system (besides ~ftp) unavailable to
the ftp user.

you can't chroot on the apollos.

here is my guess as to the current implementation of chroot()
under domain/os.

chroot(path)
	char *path;
{
	errno = EPERM;
	return -1;
}

i imagine having an anonymous ftp that lets people rummage around for
any world-readable file on your system, like /etc/passwd or whatever,
does not seem like a good idea.  so you should be aware of this and see
what any ftp does that does support anonymous ftp on apollo does in
this regard.  I imagine one workaround would be munging ftpd so that
you check all commands that take a pathname as an arg and see if it
would take you out of your "root" directory.  or prepend the "root"
directory's name to each pathname given, or something like that.

file an apr saying that chroot() does not work.  i am sure apollo
already has a pile of those.

anyway, from the man page on ftpd ... (i think someone mentioned this already).

BUGS
     Because Domain/OS does not support the chroot(2) command, ftpd does not
     support an anonymous ftp account.

Given that it is documented, I'll bet apollo just says no.

--paul

rees@pisa.ifs.umich.edu (Jim Rees) (01/01/91)

In article <4edaff33e.0017b5e@caen.engin.umich.edu>, paul@CAEN.ENGIN.UMICH.EDU (Paul Killey) writes:

  here is my guess as to the current implementation of chroot()
  under domain/os.
  
  chroot(path)
  	char *path;
  {
  	errno = EPERM;
  	return -1;
  }

That's exactly right.

  i imagine having an anonymous ftp that lets people rummage around for
  any world-readable file on your system, like /etc/passwd or whatever,
  does not seem like a good idea.  so you should be aware of this and see
  what any ftp does that does support anonymous ftp on apollo does in
  this regard.  I imagine one workaround would be munging ftpd so that
  you check all commands that take a pathname as an arg and see if it
  would take you out of your "root" directory.  or prepend the "root"
  directory's name to each pathname given, or something like that.

There is a version of ftpd that does this and seems to be secure.  I haven't
had any breakins yet, although I've seen several attempts.

I've added the following to the Apollo FAQ file (available from
dabo.ifs.umich.edu).

Question:  Why doesn't Apollo ftpd support anonymous ftp?

Answer:  Anonymous ftp depends on the chroot() call, which doesn't work on
Apollo.  There is a patched version of ftpd that supports anonymous ftp by
fixing all path names before passing them off to the system.  It's available
(by anonymous ftp!) from various places, including ocf.berkeley.edu,
dabo.ifs.umich.edu, and ftp.eb.ele.tue.nl.
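
The path-fixing workaround discussed in this thread (normalize every client pathname, clamp ".." at the FTP area, then prepend the area's real directory), as an added sketch that is not the patched ftpd's code. The names confine_path and confined and the /usr/ftp root are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#define FTP_ROOT "/usr/ftp"   /* assumed location of ~ftp, not from the thread */

/* Rewrite a client pathname (relative to the session's virtual directory vcwd)
 * into a real path under root. Returns 0, or -1 if the result does not fit. */
int confine_path(const char *root, const char *vcwd, const char *arg,
                 char *out, size_t outlen)
{
    char virt[1024], norm[1024];
    const char *p = virt;
    size_t n = 0, len;
    int r;
    /* An absolute client path starts at the virtual root, not the real one. */
    r = snprintf(virt, sizeof virt, "%s/%s", arg[0] == '/' ? "" : vcwd, arg);
    if (r < 0 || (size_t)r >= sizeof virt)
        return -1;
    while (*p) {
        while (*p == '/') p++;                  /* skip empty components */
        len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            while (n > 0 && norm[n - 1] != '/') n--;   /* drop last component */
            if (n > 0) n--;                            /* and its slash; clamp at root */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            if (n + 1 + len >= sizeof norm) return -1;
            norm[n++] = '/';
            memcpy(norm + n, p, len);
            n += len;
        }
        p += len;
    }
    norm[n] = '\0';
    r = snprintf(out, outlen, "%s%s", root, norm);
    return (r < 0 || (size_t)r >= outlen) ? -1 : 0;
}

/* Convenience wrapper for the demo: returns NULL on overflow. */
const char *confined(const char *vcwd, const char *arg)
{
    static char buf[2048];
    return confine_path(FTP_ROOT, vcwd, arg, buf, sizeof buf) ? NULL : buf;
}

int main(void)
{
    /* Constructed request: RETR ../../etc/passwd issued from /pub */
    printf("%s\n", confined("/pub", "../../etc/passwd"));
    return 0;
}
```

This rewriting is purely lexical and does not resolve symbolic links, so the FTP area must not contain links that point outside it.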