[prev in list] [next in list] [prev in thread] [next in thread]
List: suse-linux-e
Subject: Re: [SLE] proftpd problem: "Forbidden filename"
From: Christopher Mahmood <ckm () suse ! com>
Date: 2002-06-03 17:59:19
[Download RAW message or body]
* David List (david@davidlist.dk) [020603 09:45]:
> However, it only works when I disable the PathAllowFilter directive in
> /etc/proftpd.conf.
> I have not altered the suggestion for the PathAllowFilter directive that
> was already in the file after installing the SuSE Linux 7.3 proftpd
> package. It looks like this:
> PathAllowFilter ".*/[a-zA-Z0-9]+$"
> When I try uploading a file simply named 'test' I get the "Forbidden
> filename" message again.
'./test' should work. Kind of a strange regex there, especially
since it allows names like
../../../../../libc.so.6
If you had a script that automatically removed files from the
writable directory but ran outside of the chroot you could be in for
a nasty surprise :)
Something a little safer might be
'^[a-zA-Z0-9\.\-]+$'
That is, the start of the record, any number of alphanumeric
characters, '.', and '-', and the end of the record. The clinically
paranoid might limit the filename length as well:
'^[a-zA-Z0-9\.\-]{1-20}$'
which would be at least one character but no more than 20.
--
-ckm
--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic