'Re: IE v6 connecting to WU-FTPD server gains full rights???!?!!!!?!!'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wuftpd-questions
Subject:    Re: IE v6 connecting to WU-FTPD server gains full rights???!?!!!!?!!
From:       Owen Phillis <owen () aesir ! ath ! cx>
Date:       2002-08-31 10:29:56
[Download RAW message or body]

Dont panic. It's probably you :).

You probably need to chroot jail them. have you tried
ftp://whatever/../../../ in the other browsers? I'd say thet all the users
can traverse the entire filesystem.

check out guestgroup and guest-root in the ftpacess manpage. REAL users
can traverse the FS because what the point of having an account on  a
machine if you cant, but guest users can be manipulated nicely. the guest
functions on wuftpd turn users with real accounts into guests that can
have as much or as little access as you want to give them.

good luck!

Owen.

On Fri, 30 Aug 2002, Matt Doherty wrote:

> On RedHat 7.3 Wu-FTPD comes with the package.. I created 6 users and started
> WU-FTPD.. all can login to their home directories fine from ANY ftp clint
> including browsers IE5.5 and older.. I have not tested any other browsers..
> One computer in the network had upgraded IE to v6. No matter what user ID I
> choose. I can see and walk the whole root directory in linux and open files
> etc..!! THATS F*C*ED! WOW..lol But in any other browser version other than
> IE6, rules and permissions apply!.. I know we can blame Windows but still
> how can a client figure a way around WU-FTPD?? to gain all kinds of rights?
> I thought it was IP specific so I downloaded cute-FTP to the same machine
> with IEv^ in it. configured cute to login with the same user ID etc.. And it
> logs into WU-FTPD correctly and into the users home directory without any
> rights to go elsewhere.
> Im new to this list, and I don't know if anyone has noticed this yet, but I
> hope I am doing something wrong! rather than WU-FTPD!
> Has anyone experienced this? If so, what was the fix?
> Thank You
>
>
>
> Matt Doherty
> IT Dept
> Datawatch Corp
>
> >>In a world without walls or fences, who needs Windows and Gates?<<
>

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic