Bugtraq mailing list archives

Re: your mail


From: sblair () upurbmw us dell com (Steven C. Blair)
Date: Mon, 16 May 1994 11:39:25 -0500


John MacDonald says:

        There is one advantage in doing this sort of thing.  There is
        a powerful security advantage in having many off-site copies
        of the ls-lR+hash file.  It is *really* hard for a cracker
        to spoof a change to an existing file

If folks would quit using writable directories in their hierarchies then the
problem goes away. There are few to NO compelling reasons with my years of
experience that justify writable directories in anonymous FTP. You're just
asking for trouble, with a big "T".

If you must justify having a writable directory that is FTP reachable from an
external network, either use a separate login with a one-time passwd that is
changed mutually by both parties on your sites' end, or learn the
intricacies(sp?) of WU-FTPD which can prevent a lot of problems.

scb



-- 
Steven C. Blair
dell computer corp
[ ] Unless this box is signed with an X I don't speak for my keepers....
