Bugtraq mailing list archives
Re: your mail
From: jmm () elegant com (John Macdonald)
Date: Mon, 16 May 1994 16:49:15 -0400
Steven C. Blair wrote :
||
|| John MacDonald says:
        ***^***** Macdonald
||
|| There is one advantage in doing this sort of thing. There is
|| a powerful security advantage in having many off-site copies
|| of the ls-lR+hash file. It is *really* hard for a cracker
|| to spoof a change to an existing file
||
|| If folks would quit using writable directories in their hierarchies then the
|| problem goes away. There are few to NO compelling reasons with my years of
|| experience that justify writable directories in anonymous FTP. You're just
|| asking for trouble, with a big "T".
||
|| If you must justify having a writable directory that is FTP reachable from an
|| external network, either use a separate login with a one-time passwd that is
|| changed mutually by both parties on your sites' end, or learn the
|| intricacies(sp?) of WU-FTPD which can prevent a lot of problems.

That is a separate issue. Having checksums, and making it difficult
to hide the existence of a change by maintaining external copies
of the expected value of the checksum, is a valuable tool for
discovering that a breach has occurred. Getting the permissions
right can prevent many types of such breaches.

--
That is 27 years ago, or about half an eternity in | John Macdonald
computer years. - Alan Tibbetts                    | jmm () Elegant COM
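An added example, not part of the original message: a check of served files and the on-site manifest against several off-site copies of the hash manifest, so that regenerating the local manifest does not hide a change. The "hexdigest  path" manifest format, SHA-256, the majority rule, and all names and sample data are assumptions made for illustration.

```python
import hashlib
from collections import Counter

def parse_manifest(text):
    """Parse 'hexdigest  path' lines (assumed format, as written by sha256sum)."""
    pairs = (line.split(None, 1) for line in text.splitlines() if line.strip())
    return {path.strip(): digest.lower() for digest, path in pairs}

def consensus(offsite_copies):
    """Digest per path that a strict majority of off-site copies agree on."""
    agreed = {}
    for path in set().union(*offsite_copies):
        digest, votes = Counter(c.get(path) for c in offsite_copies).most_common(1)[0]
        if votes * 2 <= len(offsite_copies):
            agreed[path] = "DISPUTED"      # no majority: the copies themselves need review
        elif digest is not None:
            agreed[path] = digest
    return agreed

def audit(files, local_manifest, offsite_copies):
    """Check file contents and the on-site manifest against the off-site consensus."""
    expected = consensus(offsite_copies)
    actual = {p: hashlib.sha256(data).hexdigest() for p, data in files.items()}
    findings = []
    for path in sorted(set(expected) | set(actual) | set(local_manifest)):
        want, have = expected.get(path), actual.get(path)
        if want == "DISPUTED":
            findings.append((path, "off-site copies disagree"))
            continue
        if want is None:
            findings.append((path, "not listed off-site"))
        elif have is None:
            findings.append((path, "file missing"))
        elif have != want:
            findings.append((path, "content changed"))
        if local_manifest.get(path) != want:
            findings.append((path, "on-site manifest differs from off-site copies"))
    return findings

# Constructed sample: a replaced file whose on-site manifest was regenerated to match.
GOOD = {"pub/README": b"read me", "pub/tool.tar": b"original release"}
MANIFEST = "\n".join(f"{hashlib.sha256(d).hexdigest()}  {p}" for p, d in GOOD.items())
OFFSITE = [parse_manifest(MANIFEST) for _ in range(3)]
TAMPERED = dict(GOOD, **{"pub/tool.tar": b"trojaned release"})
LOCAL = {p: hashlib.sha256(d).hexdigest() for p, d in TAMPERED.items()}

if __name__ == "__main__":
    print(*audit(TAMPERED, LOCAL, OFFSITE), sep="\n")
```

A check against LOCAL alone would pass for the tampered tree; only the off-site copies expose the change.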