From owner-wu-ftpd@wugate.wustl.edu Mon Feb 1 08:12:09 1999

From [email protected] Mon Feb 1 08:12:09 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id IAA21371;
Mon, 1 Feb 1999 08:12:08 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id IAA01378;
Mon, 1 Feb 1999 08:07:29 -0600 (CST)
Received: from mtiwmhc05.worldnet.att.net (mtiwmhc05.worldnet.att.net [204.127.131.40])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id HAA03044
for <[email protected]>; Mon, 1 Feb 1999 07:58:18 -0600 (CST)
Received: from healer.com ([12.77.217.5]) by mtiwmhc05.worldnet.att.net
(InterMail v03.02.07 118 124) with ESMTP
id <[email protected]>;
Mon, 1 Feb 1999 13:57:47 +0000
Message-Id: <[email protected]>
Date: Mon, 01 Feb 1999 09:15:37 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Coranth Gryphon <[email protected]>
To: [email protected]
Cc: "'Bernhard Rosenkraenzer'" <[email protected]>,
"'WUFTPD List'" <[email protected]>
Subject: Re: why no debugging in daemon mode
References: <c=US%a=_%p=att%[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.05 [en] (Win95; U)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> turns out) of ftpd.c at the end of DAEMON
> definition sections:
> debug = 0;
> #endif /* DAEMON */
>

I think this is a side effect of some of the other
code moves (mainly socket stuff) that moved after
the getopt() call when shifting to Daemon mode.

I moved the "debug=0" up to where the variable
is initialized

- int debug;
+ int debug = 0;

and everything works fine in Daemon mode.

-coranth

From [email protected] Mon Feb 1 08:26:06 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id IAA21534;
Mon, 1 Feb 1999 08:26:05 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id IAA23200;
Mon, 1 Feb 1999 08:23:02 -0600 (CST)
Received: from pizza.hvu.nl ([145.89.234.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id IAA00242
for <[email protected]>; Mon, 1 Feb 1999 08:03:47 -0600 (CST)
Received: (from koos@localhost) by pizza.hvu.nl (8.8.6/KH19980502 (dbm++)) id PAA03343 for [email protected]; Mon, 1 Feb 1999 15:03:02 +0100 (MET)
Message-Id: <[email protected]>
Date: Mon, 1 Feb 1999 15:03:02 +0100 (MET)
Reply-To: [email protected]
Sender: [email protected]
From: Koos van den Hout _U nix and we all_ <[email protected]>
To: [email protected]
Subject: Contents of wu-ftpd FAQ
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

* Contents of the FAQ file for wu-ftpd. The complete file can be found at
http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html
Or, send mail to [email protected] with as subject "send faq"
(without the quotes, body ignored).

THE_URL:file://localhost/home/staff/koos/wu-ftpd-faq/wu-ftpd-faq.contents.html
1. Contents of this FAQ
1. Contents of this FAQ
2. What is this document
3. What is wu-ftpd itself and this mailing list in particular ?
1. How do I subscribe/unsubscribe ?
2. Is this list archived anywhere ?
3. What are related documents ?
4. Are there any alternatives ?
4. Where do I get the wu-ftpd ?
1. Where do I get the updated version ?
2. What are the VR patches for wu-ftpd ?
3. What is BeroFTPD ?
5. Compiling the wu-ftpd
1. cc complains about strunames, typenames, modenames, ..
being undeclared.
2. I don't have yacc
3. wu-ftpd doesn't 'see' that users are in multiple groups.
4. I get "conflicting types for `realpath'"
5. wu-ftpd doesn't use the shadow passwords on my Linux
machine.
6. It doesn't compile at all on newer Linux installs. The
error is :
7. The timezone in the xferlog is wrong
8. The timezone in the ls output is wrong
9. Digital Unix doesn't log commands after an anonymous
user logs in
10. install fails with 'install: ..'
11. Digital Unix (The Unix Formerly Known As OSF/1) and
Enhanced C2 security,
12. It doesn't compile at all on Digital Unix, errors about
struct timeval
13. What should I do to be able to use wu-ftpd in a HP-UX
10.01
14. What should I do for HP-UX 10.10 to make it work
completely.
15. Installation notes for HP-UX 10.20.
6. Special compilation options/fixes
1. I need to authenticate real users via AFS
2. I need to use S/KEY authorisation
3. I want to block certain default addresses (IE30User@,
mozilla@)
7. Installing the wu-ftpd
1. Command-line options for wu-ftpd
2. Testing on a different port number then ftp
3. Not all command line parameters seem to be used by
wu-ftpd
8. Are there year 2000 issues with wu-ftpd?
9. The ftpaccess file
1. Some files (banners, etc) don't get shown to anonymous
users.
2. What is the exact format of the <times> parameter in the
"limit"
3. What tools are there to check the configuration
4. Why does %M produce (Max unlimited) on the login banner
10. Programs (ls, gzip, tar) work for real users, not for
anonymous users, giving errors like 425 Can't create data
socket (0.0.0.0,20): Bad file number or simply no output.
1. Solaris
2. Building a statically linked ls for Solaris fails
3. Linux
4. Dec OSF
5. SunOS4.1.x
6. AIX
7. IRIX (5.3, 6.2)
8. SCO Unix
9. BSD vs SVR4 ls
10. It worked, until I upgraded the operating system.
11. Running wu-ftpd
1. ftpd allways says "221 Server shutting down. Goodbye."
2. Anonymous ftp works fine, but real users are denied
access
3. ftpconversions doesn't work
4. On-the-fly compression works, on-the-fly tarring, but
not both.
5. I want to use zip compression (InfoZip)
6. I want a real user to be able to access the host only
via ftp, not via telnet
7. Somebody uploaded a file with a weird name
8. I want anonymous users to be able to upload files, but
in the most secure manner possible
9. The default umask used when a real user uploads a file
is wrong
10. I heard something about 'SITE EXEC' having a security
hole
11. How do I make reports more readable ?
12. Incoming file transfers fail with SunOS and an NFS
mounted incoming
13. Normal ftp clients work, Netscape ftp's fail. So,
passive mode doesn't work.
14. I made a symbolic link within the anonymous tree and it
doesn't work for the anonymous users.
15. I want to redirect anonymous users to another machine
16. ftpd stops accepting connections when a lot of
connections come in.
17. Running wu-ftpd on a *large* site
18. Only the first 8 characters of the anonymous username
are recieved by the server.
19. wu-ftpd fails with '500 Illegal PORT Command' under AIX
4.3
20. I want to host multiple ftp servers on the same machine
12. Other things
1. Where is the FTP protocol documented ?
2. How can I make my ftp-archive accessible by E-mail
(ftpmail) ?
13. Credits

---------------------------------------------------------------------------

From [email protected] Mon Feb 1 09:06:39 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA22015;
Mon, 1 Feb 1999 09:06:38 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA29433;
Mon, 1 Feb 1999 09:02:10 -0600 (CST)
Received: from wet.kiss.uni-lj.si (wet.kiss.uni-lj.si [193.2.98.10])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id IAA25813
for <[email protected]>; Mon, 1 Feb 1999 08:56:03 -0600 (CST)
Received: from zoran (fe-fri005.fri.uni-lj.si [193.2.73.185])
by wet.kiss.uni-lj.si (8.8.8/8.8.8) with SMTP id PAA01710
for <[email protected]>; Mon, 1 Feb 1999 15:55:58 +0100 (CET)
(envelope-from [email protected])
Message-Id: <002d01be4df3$6b0194d0$0101a8c0@zoran>
Date: Mon, 1 Feb 1999 15:59:07 +0100
Reply-To: [email protected]
Sender: [email protected]
From: "x" <[email protected]>
To: <[email protected]>
Subject: ftp, not shell; chroot
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.5
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

- how can someone have ftp access and not shell..
i thought a simple passwd entry with shell /bin/nonexistent
would do that.. but seems wu-ftpd needs a shell.........

- what i do i have to do to make wu-ftpd chroot to persons dir ?
(-..and one more.. is Beroftpd a continued development of wu-ftpd..
should i use it instead ?)

From [email protected] Mon Feb 1 09:19:29 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA22155;
Mon, 1 Feb 1999 09:19:28 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA25289;
Mon, 1 Feb 1999 09:15:27 -0600 (CST)
Received: from xavier.ups.com ([198.80.14.117])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA27056
for <[email protected]>; Mon, 1 Feb 1999 09:09:57 -0600 (CST)
Received: from revere2.telecom.ups.com (smtp.field2.ups.com [153.2.0.50])
by xavier.ups.com (8.9.1a/8.9.1/UPS) with ESMTP id KAA02753
for <[email protected]>; Mon, 1 Feb 1999 10:09:20 -0500 (EST)
Received: from lou.telecom.ups.com (localhost [127.0.0.1])
by revere2.telecom.ups.com (8.8.7/UPS) with SMTP id KAA27512
for <[email protected]>; Mon, 1 Feb 1999 10:09:20 -0500 (EST)
Message-Id: <[email protected]>
Date: Mon, 1 Feb 1999 22:09:33 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Edward Perry" <[email protected]>
To: "WU - FTP" <[email protected]>
Subject: SSL and FTP
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Is there anyone who can fill me in on these 3 questions about the SSL
ftp patch.

1. Is there any affect on standard ftp clients.
2. Are there any currently known bugs with it.
3. Is there any sites that it is currently running at?

Thanks in advance
Edward Perry

From [email protected] Mon Feb 1 09:31:42 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA22379;
Mon, 1 Feb 1999 09:31:39 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA12352;
Mon, 1 Feb 1999 09:28:09 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA30099
for <[email protected]>; Mon, 1 Feb 1999 09:22:09 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id KAA23950;
Mon, 1 Feb 1999 10:21:58 -0500
Message-Id: <[email protected]>
Date: Mon, 1 Feb 1999 10:21:52 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: x <[email protected]>
Cc: [email protected]
Subject: Re: ftp, not shell; chroot
In-Reply-To: <002d01be4df3$6b0194d0$0101a8c0@zoran>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 1 Feb 1999, x wrote:

> - how can someone have ftp access and not shell..
> i thought a simple passwd entry with shell /bin/nonexistent
> would do that.. but seems wu-ftpd needs a shell.........

you need a entry in /etc/shells for this. this is a FAQ.

The location of the latest version of wu-ftpd can be found in the
directory

ftp://ftp.academ.com/pub/wu-ftpd/private/

You can't see the directory contents, so read the message informing you
of the actual filename to retrieve. It's there.

wu-ftpd Resource Center: http://www.landfield.com/wu-ftpd/
wu-ftpd FAQ: http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html
wu-ftpd list archive: http://www.landfield.com/wu-ftpd/mail-archive/

> - what i do i have to do to make wu-ftpd chroot to persons dir ?

read the man pages on guestgroup; this is covered in the FAQ as well.

> (-..and one more.. is Beroftpd a continued development of wu-ftpd..

Yes.

> should i use it instead ?)

Depends on your requirements. As things stand today, the current version
is 2.4.2 (beta-18) from Academ. The VR seies adds a number of features
and fixes some bugs. BeroFTPD has most of the VR stuff in it plus NEWVIRT
and other extensions, plus changes to a GNU autoconf build system.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 1 09:37:57 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA22486;
Mon, 1 Feb 1999 09:37:56 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA12481;
Mon, 1 Feb 1999 09:34:53 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA26128
for <[email protected]>; Mon, 1 Feb 1999 09:28:18 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id KAA23976;
Mon, 1 Feb 1999 10:27:36 -0500
Message-Id: <[email protected]>
Date: Mon, 1 Feb 1999 10:27:35 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Edward Perry <[email protected]>
Cc: WU - FTP <[email protected]>
Subject: Re: SSL and FTP
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 1 Feb 1999, Edward Perry wrote:

> Is there anyone who can fill me in on these 3 questions about the SSL
> ftp patch.
>
> 1. Is there any affect on standard ftp clients.

Shouldn't be except you need to remember, only SSL-enabled clients use
SSL. If you put up an SSL-only site, standard clients won't be able to
use it at all.

> 2. Are there any currently known bugs with it.

Considering the age of the SSL patch I know of, probably.

> 3. Is there any sites that it is currently running at?

Maybe a few. Nobody would use SSL for a public FTP site. Due to the lack
of clients it's really only usable in an inside (Intranet) deployment.

My recommendation for SSL would be to get one of the tunnelling programs
to separate the SSL layer from the client/daemon. I've not heard of
anyone doing that with FTP, but I know it works well for Outlook Express's
POP/IMAP/NNTP clients using standard (non-SSL) servers.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 1 11:16:57 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA23719;
Mon, 1 Feb 1999 11:16:48 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA31351;
Mon, 1 Feb 1999 11:13:26 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA02229
for <[email protected]>; Mon, 1 Feb 1999 11:10:25 -0600 (CST)
Received: (from lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) id MAA24981
for [email protected]; Mon, 1 Feb 1999 12:10:19 -0500
Message-Id: <[email protected]>
Date: Mon, 1 Feb 1999 12:00:00 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: [VR13] More enhancements and bug fixes for beta-18
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

The VR13 patch set for WU-FTPD 2.4.2 (beta-18) is now available.

The VR series includes additional features requested over the years by the
user community and includes a number of bug fixes for both the base 2.4.2
(beta-18) release and earlier VR patch sets.

These are available as both patches and pre-patched tarballs at my ftp
site:

ftp://ftp.vr.net/pub/wu-ftpd/

MD5 Package
--- -------
98067f67015015aa30b959e8dba4bb27 wu-ftpd-2.4.2-beta-18-vr13.tar.Z
20de666ba0e772402c1909b404ee4cc0 wu-ftpd-2.4.2-beta-18-vr13.tar.gz

bcd74875a953676ba9f8de4c315f9712 wu-ftpd-2.4.2-beta-18-vr3.patch
863e294eddfe2c772cd9c541372c7e1d wu-ftpd-2.4.2-beta-18-vr4.patch
8f7d523eff5785a901d8ec9330e7b2a4 wu-ftpd-2.4.2-beta-18-vr5.patch
891ea301ab535e3aa55c5da4c3b3dd37 wu-ftpd-2.4.2-beta-18-vr6.patch
dc1672289c2da25880f7c63f21b37122 wu-ftpd-2.4.2-beta-18-vr7.patch
602b1431727261a4b16340853f6d81c3 wu-ftpd-2.4.2-beta-18-vr8.patch
9eee17b78a3a245dd71476e9426baaa0 wu-ftpd-2.4.2-beta-18-vr9.patch
c85059908d124be5a6a9c8331c5322c0 wu-ftpd-2.4.2-beta-18-vr10.patch
fb9596c5950cee6bad0e0d70fa168ccf wu-ftpd-2.4.2-beta-18-vr11.patch
caaeceacb995768c8f99628fe54af798 wu-ftpd-2.4.2-beta-18-vr12.patch
1ee90ee4ba0df2be01c7b3151584e5d4 wu-ftpd-2.4.2-beta-18-vr13.patch

If you take just the patch files, please remember: they are cumulative.
you cannot apply fixes from one set without earlier sets already having
been applied. The first set for BETA-18 is VR3; VR1 and VR2 were for
BETA-17 only.

Pre-compiled binaries for VR13 are not yet available. The VR12 binaries
will remain available until newer versions are ready.

This is a list of fixes to BETA 18 with VR12 applied from lundberg@@vr.net
---------------------------------------------------------------------------
The realpath fix in VR12 for NFS has an off-by-one. Noted codereading.

Add documentation for class= phrases missed in VR12 and promised for this
release.

Fixed a bug in the quota support which caused a crash if there was no file
support (/etc/fstab /etc/mtab) on some systems.

Fixed a bug in the 'connection from' message. The AUTH (RFC 931) was too
late and the remote address and host name hadn't been determined yet.

Added DaemonAddress ftpaccess clause to listen on a single IP address
instead of INADDR_ANY. This is incompatible with virtual host support as
things now stand and will require a major rewrite to fix. I needed it for
a specific site and decided to leave it in.

Fixed a bug where access.c was logging garbage because of bad linkage to
ftpd.c, this appeared on a number of syslog messages instead of the remote
user identification (via RFC 931).

Added module loadavg.c stripped from Sendmail. This is not currently
compiled. The module is for testing connection limits based upon system
load, which is planned for a future VR update.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 1 12:15:32 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA24336;
Mon, 1 Feb 1999 12:15:31 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA32162;
Mon, 1 Feb 1999 12:12:07 -0600 (CST)
Received: from ljcqs016.cnf.com ([205.185.108.239])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA01129
for <[email protected]>; Mon, 1 Feb 1999 12:05:40 -0600 (CST)
Received: from cnfvs008.cnf.com (cnfvs008.cnf.com [10.0.2.114])
by ljcqs016.cnf.com (8.8.7/8.8.7) with ESMTP id KAA24005
for <[email protected]>; Mon, 1 Feb 1999 10:05:07 -0800 (PST)
Received: by cnfvs008.cnf.com with Internet Mail Service (5.5.2232.9)
id <D46BQVGK>; Mon, 1 Feb 1999 10:05:04 -0800
Message-Id: <[email protected]>
Date: Mon, 1 Feb 1999 10:05:10 -0800
Reply-To: [email protected]
Sender: [email protected]
From: "Speier, Guy J - CNF" <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: ls
MIME-Version: 1.0
Content-Type: text/plain
X-Mailer: Internet Mail Service (5.5.2232.9)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

my apologies for continuing with this letter, but I still haven't figured
out why I can
chroot a user to a common place (say /home/ftp/./miscftp/user), but I can't
chroot
them to their home dir (say /home/ftp/miscftp/./user). I have even gone as
far as
taring all of /home/ftp and them untaring it in the users home dir. It
works in instance A,
but not in B.

Can anyone give me some useful advice on how to overcome this issue.

thanks
Guy

From [email protected] Mon Feb 1 13:08:49 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA24942;
Mon, 1 Feb 1999 13:08:41 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA30394;
Mon, 1 Feb 1999 13:03:57 -0600 (CST)
Received: from relay.pair.com (relay1.pair.com [209.68.1.20])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA08731
for <[email protected]>; Mon, 1 Feb 1999 12:59:35 -0600 (CST)
Received: from microsoft.sucks.eu.org (0@[198.22.51.104])
by relay.pair.com (8.8.7/8.8.5) with SMTP id NAA21901;
Mon, 1 Feb 1999 13:43:47 -0500 (EST)
Message-Id: <Pine.LNX.4.04.9902011917590.30371-100000@k6.microsoft.sucks.eu.org>
Date: Mon, 1 Feb 1999 19:20:17 +0100 (CET)
Reply-To: [email protected]
Sender: [email protected]
From: Bernhard Rosenkraenzer <[email protected]>
To: x <[email protected]>
Cc: [email protected]
Subject: Re: ftp, not shell; chroot
In-Reply-To: <002d01be4df3$6b0194d0$0101a8c0@zoran>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 1 Feb 1999, x wrote:

> - how can someone have ftp access and not shell..
> i thought a simple passwd entry with shell /bin/nonexistent
> would do that.. but seems wu-ftpd needs a shell.........

It is enough - you need to add /bin/nonexistent to /etc/shells, though.
Read the FAQ.

> - what i do i have to do to make wu-ftpd chroot to persons dir ?

man ftpaccess
Look for guestgroup and guest-root directives, and read the FAQ.

> is Beroftpd a continued development of wu-ftpd..

Yes.

> should i use it instead ?)

If you need one of its new features or if you're worried about the
chroot() bug.

LLaP
bero

--
Windows 98 supports real multitasking - it can boot and crash simultaneously.
***
Anyone sending unwanted advertising e-mail to this address will be charged
$25 for network traffic and computing time. By extracting my address from
this message or its header, you agree to these terms.

From [email protected] Mon Feb 1 13:10:44 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA24961;
Mon, 1 Feb 1999 13:10:27 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA14517;
Mon, 1 Feb 1999 13:06:46 -0600 (CST)
Received: from oncedamnit.com (bigip12.aitcom.net [208.234.0.25])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA00705
for <[email protected]>; Mon, 1 Feb 1999 13:00:20 -0600 (CST)
Received: from oncedamnit.com (gorkel@[206.247.115.98])
by oncedamnit.com (8.8.8/8.8.5) with ESMTP id OAA08179
for <[email protected]>; Mon, 1 Feb 1999 14:00:11 -0500
Message-Id: <[email protected]>
Date: Mon, 01 Feb 1999 12:01:58 -0700
Reply-To: [email protected]
Sender: [email protected]
From: johnmiller <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: client login prob
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.07 [en] (X11; I; Linux 2.0.36 i686)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

- I'm having a problem logging into my ftp server from any client
running on a windows platform, but no trouble at all from my linux box.
is there a setting somewhere that will allow non-unix type clients to
log onto my ftp server? thanks for your help.

From [email protected] Mon Feb 1 13:52:58 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA25481;
Mon, 1 Feb 1999 13:52:50 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA24979;
Mon, 1 Feb 1999 13:48:56 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA05721
for <[email protected]>; Mon, 1 Feb 1999 13:48:11 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id OAA26294;
Mon, 1 Feb 1999 14:47:53 -0500
Message-Id: <[email protected]>
Date: Mon, 1 Feb 1999 14:47:53 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: johnmiller <[email protected]>
Cc: WU-FTPD Discussion List <[email protected]>
Subject: Re: client login prob
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 1 Feb 1999, johnmiller wrote:

> I'm having a problem logging into my ftp server from any client
> running on a windows platform, but no trouble at all from my linux
> box. is there a setting somewhere that will allow non-unix type
> clients to log onto my ftp server? thanks for your help.

Non-unix clients have no problems. Check the FAQ, check your system logs.
What exactly is the problem?

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 1 15:36:21 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA26762;
Mon, 1 Feb 1999 15:36:09 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA27787;
Mon, 1 Feb 1999 15:32:15 -0600 (CST)
Received: from xavier.ups.com ([198.80.14.117])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA07949
for <[email protected]>; Mon, 1 Feb 1999 15:27:53 -0600 (CST)
Received: from revere2.telecom.ups.com (smtp.field2.ups.com [153.2.0.50])
by xavier.ups.com (8.9.1a/8.9.1/UPS) with ESMTP id QAA23306;
Mon, 1 Feb 1999 16:26:39 -0500 (EST)
Received: from lou.telecom.ups.com (localhost [127.0.0.1])
by revere2.telecom.ups.com (8.8.7/UPS) with SMTP id QAA05633;
Mon, 1 Feb 1999 16:26:37 -0500 (EST)
Message-Id: <[email protected]>
Date: Tue, 2 Feb 1999 04:11:44 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Edward Perry" <[email protected]>
To: "WU - FTP" <[email protected]>
Cc: <[email protected]>
Subject: Re: SSL and FTP
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

What would be some of the FTP clients that support the SSL patch

-----Original Message-----
From: Gregory A Lundberg <[email protected]>
To: Edward Perry <[email protected]>
Cc: WU - FTP <[email protected]>
Date: Monday, February 01, 1999 11:59 AM
Subject: Re: SSL and FTP

On Mon, 1 Feb 1999, Edward Perry wrote:

> Is there anyone who can fill me in on these 3 questions about the
SSL
> ftp patch.
>
> 1. Is there any affect on standard ftp clients.

Shouldn't be except you need to remember, only SSL-enabled clients use
SSL. If you put up an SSL-only site, standard clients won't be able
to
use it at all.

> 2. Are there any currently known bugs with it.

Considering the age of the SSL patch I know of, probably.

> 3. Is there any sites that it is currently running at?

Maybe a few. Nobody would use SSL for a public FTP site. Due to the
lack
of clients it's really only usable in an inside (Intranet) deployment.

My recommendation for SSL would be to get one of the tunnelling
programs
to separate the SSL layer from the client/daemon. I've not heard of
anyone doing that with FTP, but I know it works well for Outlook
Express's
POP/IMAP/NNTP clients using standard (non-SSL) servers.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 1 15:39:41 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA26821;
Mon, 1 Feb 1999 15:39:36 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA26492;
Mon, 1 Feb 1999 15:35:41 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA01053
for <[email protected]>; Mon, 1 Feb 1999 15:31:04 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id QAA27298;
Mon, 1 Feb 1999 16:30:28 -0500
Message-Id: <[email protected]>
Date: Mon, 1 Feb 1999 16:30:28 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Edward Perry <[email protected]>
Cc: WU - FTP <[email protected]>
Subject: Re: SSL and FTP
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 2 Feb 1999, Edward Perry wrote:

> What would be some of the FTP clients that support the SSL patch

To my knowledge, the only one which does is the one at the site where the
SSL patch for the daemon is found (which site I can never remember and
have to search Yahoo! for).

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 1 16:22:01 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id QAA27320;
Mon, 1 Feb 1999 16:21:59 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA13761;
Mon, 1 Feb 1999 16:18:19 -0600 (CST)
Received: from oncedamnit.com (bigip12.aitcom.net [208.234.0.25])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA15526
for <[email protected]>; Mon, 1 Feb 1999 16:12:48 -0600 (CST)
Received: from oncedamnit.com (gorkel@[206.247.115.98])
by oncedamnit.com (8.8.8/8.8.5) with ESMTP id RAA20672
for <[email protected]>; Mon, 1 Feb 1999 17:12:44 -0500
Message-Id: <[email protected]>
Date: Mon, 01 Feb 1999 15:14:31 -0700
Reply-To: [email protected]
Sender: [email protected]
From: johnmiller <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: Re: client login prob
References: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.07 [en] (X11; I; Linux 2.0.36 i686)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

the system seems to be authenticating the users from the windows
machines, but it takes so long that the ftp clients timeout (several
minutes). Is this an ftp prob or something else? I've looked through
the log files, but i can't find any error messages. the users are
connecting to the system, but not to the ftp service. thanks for your
help.

From [email protected] Mon Feb 1 16:41:42 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id QAA27584;
Mon, 1 Feb 1999 16:41:38 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA23910;
Mon, 1 Feb 1999 16:37:33 -0600 (CST)
Received: from differential.com ([207.126.113.254])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA03089
for <[email protected]>; Mon, 1 Feb 1999 16:31:27 -0600 (CST)
Received: from liar4.differential.net ([170.1.193.67])
by differential.com (8.8.8/8.8.8) with SMTP id OAA29543;
Mon, 1 Feb 1999 14:30:49 -0800 (PST)
Message-Id: <[email protected]>
Date: Mon, 01 Feb 1999 14:30:48 -0800
Reply-To: [email protected]
Sender: [email protected]
From: DJ <[email protected]>
To: [email protected], "WU - FTP" <[email protected]>
Cc: <[email protected]>
Subject: Re: SSL and FTP
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: Windows Eudora Pro Version 3.0 (32)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Edward,

Try www.filedrive.com.

There you will find a commercial SSLFTP clients for UNIX and for NT.
The NT version has full UI, scheduling, reliability as well as
all the normal secure FTP stuff.

FYI there are also servers available there for secure FTP.

DJ

At 04:11 AM 2/2/99 -0500, Edward Perry wrote:
>What would be some of the FTP clients that support the SSL patch
>
>-----Original Message-----
>From: Gregory A Lundberg <[email protected]>
>To: Edward Perry <[email protected]>
>Cc: WU - FTP <[email protected]>
>Date: Monday, February 01, 1999 11:59 AM
>Subject: Re: SSL and FTP
>
>
>On Mon, 1 Feb 1999, Edward Perry wrote:
>
>> Is there anyone who can fill me in on these 3 questions about the
>SSL
>> ftp patch.
>>
>> 1. Is there any affect on standard ftp clients.
>
>Shouldn't be except you need to remember, only SSL-enabled clients use
>SSL. If you put up an SSL-only site, standard clients won't be able
>to
>use it at all.
>
>> 2. Are there any currently known bugs with it.
>
>Considering the age of the SSL patch I know of, probably.
>
>> 3. Is there any sites that it is currently running at?
>
>Maybe a few. Nobody would use SSL for a public FTP site. Due to the
>lack
>of clients it's really only usable in an inside (Intranet) deployment.
>
>My recommendation for SSL would be to get one of the tunnelling
>programs
>to separate the SSL layer from the client/daemon. I've not heard of
>anyone doing that with FTP, but I know it works well for Outlook
>Express's
>POP/IMAP/NNTP clients using standard (non-SSL) servers.
>
>--
>
>Gregory A Lundberg Senior Partner, VRnet Company
>1441 Elmdale Drive [email protected]
>Kettering, OH 45409-1615 USA 1-800-809-2195
>
>
>
>

From [email protected] Mon Feb 1 17:52:04 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id RAA00429;
Mon, 1 Feb 1999 17:52:04 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id RAA30085;
Mon, 1 Feb 1999 17:48:16 -0600 (CST)
Received: from gw1.bfg.com ([131.187.253.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id RAA17576
for <[email protected]>; Mon, 1 Feb 1999 17:44:17 -0600 (CST)
Received: (from uucp@localhost)
by gw1.bfg.com (8.8.8/8.8.8) id SAA12225;
Mon, 1 Feb 1999 18:44:06 -0500 (EST)
Received: from ns1.bfg.com(192.73.67.20) by gw1.bfg.com via smap (V2.1)
id sma012050; Mon, 1 Feb 99 18:43:44 -0500
Received: from localhost (keller@localhost)
by ns1.bfg.com (8.8.8/8.8.8) with SMTP id SAA29450;
Mon, 1 Feb 1999 18:43:41 -0500 (EST)
Message-Id: <[email protected]>
Date: Mon, 1 Feb 1999 18:43:39 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Ted Keller <[email protected]>
To: johnmiller <[email protected]>
Cc: WU-FTPD Discussion List <[email protected]>
Subject: Re: client login prob
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

This sounds like a DNS problem. You may want to make sure the DNS on your
ftp server (or the DNS server it points to) can quickly resolve reverse
apra entries. From the sounds of it, a reverse DNS lookup is requested -
but the DNS server goes through serveral time-outs before reporting back
that it can't resolve it. Possibly the DNS server doesn't point to the
root name servers?

ted keller - bfg.com

On Mon, 1 Feb 1999, johnmiller wrote:

> the system seems to be authenticating the users from the windows
> machines, but it takes so long that the ftp clients timeout (several
> minutes). Is this an ftp prob or something else? I've looked through
> the log files, but i can't find any error messages. the users are
> connecting to the system, but not to the ftp service. thanks for your
> help.
>

From [email protected] Tue Feb 2 06:53:48 1999
Received: from wugate.wustl.edu ([128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA26738;
Tue, 2 Feb 1999 06:53:47 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id GAA14623;
Tue, 2 Feb 1999 06:49:24 -0600 (CST)
Received: from kodakr.kodak.com (kodakr.kodak.com [192.232.119.69])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id GAA14807
for <[email protected]>; Tue, 2 Feb 1999 06:41:43 -0600 (CST)
Received: from corpmail.kodak.com (corpmail.kodak.com [150.220.10.55])
by kodakr.kodak.com (8.9.1/8.9.1) with ESMTP id HAA10142
for <[email protected]>; Tue, 2 Feb 1999 07:41:03 -0500 (EST)
Received: from EKC-GPID-W8GZ96 ([150.220.88.7]) by corpmail.kodak.com
(post.office MTA v1.9.3b ID# 269-16266) with SMTP id AAA29094
for <[email protected]>; Tue, 2 Feb 1999 07:39:59 -0400
Message-Id: <[email protected]>
Date: Tue, 2 Feb 1999 07:41:01 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Rick Flood" <[email protected]>
To: "WU-FTP List" <[email protected]>
Subject: Directory Permissions
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
X-Mimeole: Produced By Microsoft MimeOLE V4.72.3155.0
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I am running Beta-18 on Solaris 2.6...
When a user creates a subdirectory, off their root, what determines the
permissions on that directory? These new subdirectories have 'rwx r_x r_x',
the user needs to do a chmod in order for other users, within the group, to
be able to write. Is this working as designed?

Rick Flood

From [email protected] Tue Feb 2 08:00:45 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id IAA27416;
Tue, 2 Feb 1999 08:00:44 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id HAA15550;
Tue, 2 Feb 1999 07:57:22 -0600 (CST)
Received: from mozart.ntte.co.uk (mozart.ntte.co.uk [195.129.28.66])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id HAA07085
for <[email protected]>; Tue, 2 Feb 1999 07:55:23 -0600 (CST)
Received: from bach.ntte.co.uk (bach.ntte.co.uk [172.30.96.66])
by mozart.ntte.co.uk (8.9.1a/3.7W) with ESMTP id NAA07850;
Tue, 2 Feb 1999 13:58:46 GMT
Received: from ntte.co.uk by bach.ntte.co.uk (8.8.5/3.4W4) id NAA14402; Tue, 2 Feb 1999 13:56:03 GMT
Message-Id: <[email protected]>
Date: Tue, 02 Feb 1999 13:54:54 +0000
Reply-To: [email protected]
Sender: [email protected]
From: Gil Arumi <[email protected]>
To: [email protected]
Cc: WU-FTP List <[email protected]>
Subject: Re: Directory Permissions
References: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="MimeMultipartBoundary"
X-Mailer: Mozilla 4.5 [en] (Win95; I)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

--MimeMultipartBoundary
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

I think you need "in.ftpd -u002 " in /etc/inetd.conf (umask 002 instead
of 022)

--gil

Rick Flood wrote:
>
> I am running Beta-18 on Solaris 2.6...
> When a user creates a subdirectory, off their root, what determines the
> permissions on that directory? These new subdirectories have 'rwx r_x r_x',
> the user needs to do a chmod in order for other users, within the group, to
> be able to write. Is this working as designed?
>
> Rick Flood

--
Gil Arumi [email protected]
IP Division Tel: 0171-562-3321
NTT Europe Ltd. Fax: 0171-256-7997
http://www.ntte.co.uk
--MimeMultipartBoundary--

From [email protected] Tue Feb 2 08:13:58 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id IAA27562;
Tue, 2 Feb 1999 08:13:57 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id IAA16565;
Tue, 2 Feb 1999 08:10:56 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id IAA02774
for <[email protected]>; Tue, 2 Feb 1999 08:05:53 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id JAA00735;
Tue, 2 Feb 1999 09:05:24 -0500
Message-Id: <[email protected]>
Date: Tue, 2 Feb 1999 09:05:23 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Rick Flood <[email protected]>
Cc: WU-FTP List <[email protected]>
Subject: Re: Directory Permissions
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 2 Feb 1999, Rick Flood wrote:

> I am running Beta-18 on Solaris 2.6... When a user creates a
> subdirectory, off their root, what determines the permissions on that
> directory? These new subdirectories have 'rwx r_x r_x', the user
> needs to do a chmod in order for other users, within the group, to be
> able to write. Is this working as designed?

With the base, beta-18 release, the umask (man ftpd, -u option) determines
the permissions on the directory. Ownership will either be the user/group
the daemon is running as at the time, or it will be the user/group given
on the upload clause.

This can be a security problem. With the base release 'nodirs' should be
used unless you have tested the behavior and found it correct for your
security model.

The VR series, and BeroFTPD, include an old patch off the mailing list
which allows you to specify the permissions to use when creating a
directory.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 2 09:26:04 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA28538;
Tue, 2 Feb 1999 09:26:03 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA31139;
Tue, 2 Feb 1999 09:22:14 -0600 (CST)
Received: from kodakr.kodak.com (kodakr.kodak.com [192.232.119.69])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA13334
for <[email protected]>; Tue, 2 Feb 1999 09:19:46 -0600 (CST)
Received: from corpmail.kodak.com (corpmail.kodak.com [150.220.10.55])
by kodakr.kodak.com (8.9.1/8.9.1) with ESMTP id KAA03501
for <[email protected]>; Tue, 2 Feb 1999 10:19:12 -0500 (EST)
Received: from EKC-GPID-W8GZ96 ([150.220.88.7]) by corpmail.kodak.com
(post.office MTA v1.9.3b ID# 269-16266) with SMTP id AAA13629;
Tue, 2 Feb 1999 10:03:02 -0400
Message-Id: <[email protected]>
Date: Tue, 2 Feb 1999 10:04:03 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Rick Flood" <[email protected]>
To: "Gregory A Lundberg" <[email protected]>
Cc: "WU-FTP List" <[email protected]>
Subject: RE: Directory Permissions
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
X-Mimeole: Produced By Microsoft MimeOLE V4.72.3155.0
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I just upgraded from Beta-16, 16 must have handled the umask differently?

I think need to use the -u002, my users aren't too happy about having to do
the chmod. You imply that this could be a security problem. Could you
briefly let me know how this could be a security issue?

One additional stupid question...
What are the VR series and BeroFTPD, I think I have a couple clues, but if
you could sum it up in a few words (or tell me where to find more info) it
would be appreciated.

Thanks

> -----Original Message-----
> From: Gregory A Lundberg [mailto:[email protected]]
> Sent: Tuesday, February 02, 1999 9:05 AM
> To: Rick Flood
> Cc: WU-FTP List
> Subject: Re: Directory Permissions
>
>
> On Tue, 2 Feb 1999, Rick Flood wrote:
>
> > I am running Beta-18 on Solaris 2.6... When a user creates a
> > subdirectory, off their root, what determines the permissions on that
> > directory? These new subdirectories have 'rwx r_x r_x', the user
> > needs to do a chmod in order for other users, within the group, to be
> > able to write. Is this working as designed?
>
> With the base, beta-18 release, the umask (man ftpd, -u option) determines
> the permissions on the directory. Ownership will either be the user/group
> the daemon is running as at the time, or it will be the user/group given
> on the upload clause.
>
> This can be a security problem. With the base release 'nodirs' should be
> used unless you have tested the behavior and found it correct for your
> security model.
>
> The VR series, and BeroFTPD, include an old patch off the mailing list
> which allows you to specify the permissions to use when creating a
> directory.
>
> --
>
> Gregory A Lundberg Senior Partner, VRnet Company
> 1441 Elmdale Drive [email protected]
> Kettering, OH 45409-1615 USA 1-800-809-2195
>
>

From [email protected] Tue Feb 2 10:36:52 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA29875;
Tue, 2 Feb 1999 10:36:46 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA08711;
Tue, 2 Feb 1999 10:33:13 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA31007
for <[email protected]>; Tue, 2 Feb 1999 10:28:08 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id LAA01903;
Tue, 2 Feb 1999 11:27:54 -0500
Message-Id: <[email protected]>
Date: Tue, 2 Feb 1999 11:27:53 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Rick Flood <[email protected]>
Cc: WU-FTP List <[email protected]>
Subject: RE: Directory Permissions
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 2 Feb 1999, Rick Flood wrote:

> I think need to use the -u002, my users aren't too happy about having
> to do the chmod. You imply that this could be a security problem.
> Could you briefly let me know how this could be a security issue?

Run the daemon umask 0.

> What are the VR series and BeroFTPD, I think I have a couple clues, but if
> you could sum it up in a few words (or tell me where to find more info) it
> would be appreciated.

My goal with the VR series is to roll in the patches, bugfixes and feature
requests from the mailing list which Stan's been ignoring/putting off for
years now. I'm also working through what of Stan's TODO list I can. I'm
trying to do it without a major change in the daemon. The VR series should
be a drop-in for your current daemon, although some of the security fixes
may appear to break your site (if it was broken before but you didn't
notice, it may be *really* broken now and won't work at all).

Bernard's taking a more libral approach. He's switched to GNU autoconf
and rolled in even more such as NEWVIRT, FTPSEC extensions, and is working
with the FTP-WG on proof-of-concept for some next-generation FTP features.

The most major difference between VR/Bero and the base Academ versions is
that, well, people are actually working on the code with VR/Bero and those
people actually participate on the mailing list. Did you know that, since
Kent started the mailing list archive, Stan's only posted 161 times, and
most off those were in the beginning? And as I recall he didn't post much
at all prior to the start of the mailing list archives. Most recently,
his posts have been the all-to-rare announcement of an update and defense
of his position as the (sic) 'maintainer'

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 2 12:01:34 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA01439;
Tue, 2 Feb 1999 12:01:31 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA20083;
Tue, 2 Feb 1999 11:57:52 -0600 (CST)
Received: from amber.ccs.neu.edu ([email protected] [129.10.116.51])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA18792
for <[email protected]>; Tue, 2 Feb 1999 11:52:22 -0600 (CST)
Received: from bellatrix.ccs.neu.edu ([email protected] [129.10.116.157])
by amber.ccs.neu.edu (8.9.1a/8.9.1) with ESMTP id MAA06137
for <[email protected]>; Tue, 2 Feb 1999 12:52:17 -0500 (EST)
Message-Id: <[email protected]>
Date: Tue, 2 Feb 1999 12:52:15 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Aris Yannopoulos <[email protected]>
To: wu-ftp <[email protected]>
Subject: Re: LOTS of TIME_WAIT
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

>
> > When running netstat on the server it shows huge amounts of data port
> > stuff in the state "TIME_WAIT"
> >
> > Any thoughts? DoS attempt? Stateless requests?

> Old version? Probably.

If VR12 is an old version already, we're in trouble :)

From [email protected] Tue Feb 2 12:40:08 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA02064;
Tue, 2 Feb 1999 12:40:05 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA05965;
Tue, 2 Feb 1999 12:36:38 -0600 (CST)
Received: from mail1.dh.trw.com (mail1.dh.trw.com [129.193.109.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA20284
for <[email protected]>; Tue, 2 Feb 1999 12:30:29 -0600 (CST)
Received: from trw.com ([129.4.74.179]) by mail1.dh.trw.com
(Netscape Messaging Server 3.5) with ESMTP id AAA542C
for <[email protected]>; Tue, 2 Feb 1999 10:29:50 -0800
Message-Id: <[email protected]>
Date: Tue, 02 Feb 1999 10:29:49 -0800
Reply-To: [email protected]
Sender: [email protected]
From: "Scott Parmenter" <[email protected]>
To: wuftplist <[email protected]>
Subject: Standalone problem
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.04 [en] (Win95; U)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi,

When running the prerelease VR13 server standalone (-S), the child dies
sometime after pass() completes. However, this doesn't happen when
connecting from the local host (loopback) - only from a remote host.
When the child dies, nothing is written to syslog after the "FTP LOGIN
FROM ..." statement except for "FTP session closed". After sending
username and password, the remote client gets a generic "421 Service not
available, remote server has closed connection" after a pause of about 3
seconds. Has anyone else run into this? Is anyone using the -S option
successfully?

Thanks,
Scott

From [email protected] Tue Feb 2 12:47:33 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA02136;
Tue, 2 Feb 1999 12:47:30 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA10354;
Tue, 2 Feb 1999 12:43:14 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA12930
for <[email protected]>; Tue, 2 Feb 1999 12:37:43 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id NAA02761;
Tue, 2 Feb 1999 13:37:25 -0500
Message-Id: <[email protected]>
Date: Tue, 2 Feb 1999 13:37:24 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Aris Yannopoulos <[email protected]>
Cc: wu-ftp <[email protected]>
Subject: Re: LOTS of TIME_WAIT
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 2 Feb 1999, Aris Yannopoulos wrote:

> > > When running netstat on the server it shows huge amounts of data port
> > > stuff in the state "TIME_WAIT"
> > >
> > > Any thoughts? DoS attempt? Stateless requests?
>
> > Old version? Probably.
>
> If VR12 is an old version already, we're in trouble :)

you didn't say what version you were running before. older versions of
the daemon (circa beta-12) had a lot of problems with hangers-on.

time wait is the tcp state after a connection has closed that the
socketpair is kept arround so the kernel can cleanly dispose of any stray
packets.

many tcp stacks have an option either in the kernel or available to
applications which controls how long timewait lasts or if it even occurs.
the daemon uses the local default for this.

what I've noticed is a number of web clients open and close a large number
of connections to the ftp server rather than holding a single control
connection throughout the session. each of those connections will have a
timewat socket hanging about for a few seconds afterwards (on my systems,
about 60 seconds).

if you're seeing a very large number, and traffic at your site is not high
enough to justify them, then I'd look for other causes. for instance, is
it possible there's a communications error causing the connections to
report errors and be closed?

while it's possible to construct a DoS using timewait (ISTR there have
been such in the past), only older kernels (2+years) should be
susceptible.

I'd suggest making sure you're using the latest patches from your vendor
(or, for Linux and such, the latest stable kernel) and observing your
system for a while with that.

closing question: do you have a specific test you run locally which causes
the problem or is it only observed in the wild?

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 2 12:53:06 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA02222;
Tue, 2 Feb 1999 12:53:03 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA05810;
Tue, 2 Feb 1999 12:49:38 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA10957
for <[email protected]>; Tue, 2 Feb 1999 12:45:09 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id NAA02841;
Tue, 2 Feb 1999 13:44:35 -0500
Message-Id: <[email protected]>
Date: Tue, 2 Feb 1999 13:44:35 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Scott Parmenter <[email protected]>
Cc: wuftplist <[email protected]>
Subject: Re: Standalone problem
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 2 Feb 1999, Scott Parmenter wrote:

> When running the prerelease VR13 server standalone (-S), the child
> dies sometime after pass() completes. However, this doesn't happen
> when connecting from the local host (loopback) - only from a remote
> host. When the child dies, nothing is written to syslog after the "FTP
> LOGIN FROM ..." statement except for "FTP session closed". After
> sending username and password, the remote client gets a generic "421
> Service not available, remote server has closed connection" after a
> pause of about 3 seconds. Has anyone else run into this? Is anyone
> using the -S option successfully?

I had similar problems with VR12 and put the fixes into VR13. Grab the
current release, and if it doesn't fix things, let me know.

What I found, and your desciption fits, was that there was a bad
external-linkage between two source modules relating to the AUTH protocol.
This didn't effect the inetd-mode daemon, but caused the children of the
standalone-mode daemon to die with an acces violation (signal 11).

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 2 14:04:31 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA03224;
Tue, 2 Feb 1999 14:04:27 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA15292;
Tue, 2 Feb 1999 14:01:01 -0600 (CST)
Received: from triton.dmso.mil (triton.dmso.mil [199.75.72.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA21073
for <[email protected]>; Tue, 2 Feb 1999 13:56:03 -0600 (CST)
Received: (from tneshite@localhost) by triton.dmso.mil (8.8.5/8.7.3) id OAA13577; Tue, 2 Feb 1999 14:55:26 -0500 (EST)
Message-Id: <[email protected]>
Date: Tue, 2 Feb 1999 14:55:25 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Thomas Neshite <[email protected]>
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: LOTS of TIME_WAIT
In-Reply-To: <[email protected]> from "Gregory A Lundberg" at Feb 2, 99 01:37:24 pm
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Mailer: ELM [version 2.4 PL25]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I had a problem for quite a while regarding TCP connections not
closing properly. Mine was hanging in FIN_WAIT_2 state. Running
HPUX, finally tracked down a patch released by HP that allowed you to
configure a kernel memory value (the "FIN_WAIT timer"). If a
connection was stuck in FIN_WAIT_2 for more than the timeout value
the connection was automatically terminated. There were times when
I had hundreds of finwaits, they finally ate up all the network
sockets and no one else could connect. Once I installed the vendor
os patch everything worked great.

tjn

>
> On Tue, 2 Feb 1999, Aris Yannopoulos wrote:
>
> > > > When running netstat on the server it shows huge amounts of data port
> > > > stuff in the state "TIME_WAIT"
> > > >
> > > > Any thoughts? DoS attempt? Stateless requests?
> >
> > > Old version? Probably.
> >
> > If VR12 is an old version already, we're in trouble :)
>
> you didn't say what version you were running before. older versions of
> the daemon (circa beta-12) had a lot of problems with hangers-on.
>
> time wait is the tcp state after a connection has closed that the
> socketpair is kept arround so the kernel can cleanly dispose of any stray
> packets.
>
> many tcp stacks have an option either in the kernel or available to
> applications which controls how long timewait lasts or if it even occurs.
> the daemon uses the local default for this.
>
> what I've noticed is a number of web clients open and close a large number
> of connections to the ftp server rather than holding a single control
> connection throughout the session. each of those connections will have a
> timewat socket hanging about for a few seconds afterwards (on my systems,
> about 60 seconds).
>
> if you're seeing a very large number, and traffic at your site is not high
> enough to justify them, then I'd look for other causes. for instance, is
> it possible there's a communications error causing the connections to
> report errors and be closed?
>
> while it's possible to construct a DoS using timewait (ISTR there have
> been such in the past), only older kernels (2+years) should be
> susceptible.
>
> I'd suggest making sure you're using the latest patches from your vendor
> (or, for Linux and such, the latest stable kernel) and observing your
> system for a while with that.
>
> closing question: do you have a specific test you run locally which causes
> the problem or is it only observed in the wild?
>
> --
>
> Gregory A Lundberg Senior Partner, VRnet Company
> 1441 Elmdale Drive [email protected]
> Kettering, OH 45409-1615 USA 1-800-809-2195
>
>

From [email protected] Tue Feb 2 14:56:08 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA03823;
Tue, 2 Feb 1999 14:56:03 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA27748;
Tue, 2 Feb 1999 14:52:34 -0600 (CST)
Received: from nuinfo.nwu.edu ([email protected] [129.105.212.72])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA26860
for <[email protected]>; Tue, 2 Feb 1999 14:46:58 -0600 (CST)
Received: (from lunde@localhost)
by nuinfo.nwu.edu (8.8.8/8.8.8) id OAA19830;
Tue, 2 Feb 1999 14:46:53 -0600 (CST)
Message-Id: <[email protected]>
Date: Tue, 02 Feb 1999 14:46:53 CST
Reply-To: [email protected] (Albert Lunde)
Sender: [email protected]
From: [email protected] (Albert Lunde)
To: [email protected]
Subject: Re: LOTS of TIME_WAIT
X-Sender: [email protected] (Albert Lunde)
X-Mailer: Elm [revision: 212.4]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> I had a problem for quite a while regarding TCP connections not
> closing properly. Mine was hanging in FIN_WAIT_2 state. Running
> HPUX, finally tracked down a patch released by HP that allowed you to
> configure a kernel memory value (the "FIN_WAIT timer"). If a
> connection was stuck in FIN_WAIT_2 for more than the timeout value
> the connection was automatically terminated. There were times when
> I had hundreds of finwaits, they finally ate up all the network
> sockets and no one else could connect. Once I installed the vendor
> os patch everything worked great.

There's some discussion of related issues in the context of the
apache web server at:

http://www.apache.org/docs/misc/fin_wait_2.html

--
Albert Lunde [email protected]

From [email protected] Tue Feb 2 15:16:05 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA04106;
Tue, 2 Feb 1999 15:16:05 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA31567;
Tue, 2 Feb 1999 15:11:58 -0600 (CST)
Received: from molbio.unmc.edu (molbio.unmc.edu [137.197.214.37])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA24674
for <[email protected]>; Tue, 2 Feb 1999 15:09:40 -0600 (CST)
Received: from windsurf2 by molbio.unmc.edu (SMI-8.6/SMI-SVR4)
id PAA23132; Tue, 2 Feb 1999 15:13:47 -0600
Message-Id: <[email protected]>
Date: Tue, 02 Feb 1999 15:09:52 -0600
Reply-To: [email protected]
Sender: [email protected]
From: Chad Price <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: RE: Bero 1.3.2 login problem/ Solaris 2.4
In-Reply-To: <c=US%a=_%p=att%[email protected]
om>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

At 02:34 PM 1/29/1999 -0500, [email protected] wrote:
>
>You show WUFTPD 2.4.2. So not any Beta version?
>If not, a lot has changed since the original WUFTPD 2.4.2
>version and that is why you are having a problem, not
>due to any BeroFTPD change. Check your ftpaccess
>specifications against the latest man page and make sure
>you have -a on ftpd command line so that you are
>invoking ftpaccess file to begin with.

>From inetd.conf:
#
# Sun's daemon
#ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
# wu-ftpd 2.4.2
#ftp stream tcp nowait root /usr/local/daemon/ftpd/ftpd ftpd -a -u077 -l -L
# 2.4.2-beta18
ftp stream tcp nowait root /usr/local/daemon/sbin/in.ftpd in.ftpd -a -u077
-l -L
# Bero ftpd
#ftp stream tcp nowait root /usr/local/sbin/BeroFTPD -a -i
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd

>Check in your
>system log file why you are being denied access.
It's not being logged.
>Pick up Beta 18 of WUFTPD if you want to test with
>the latest WUFTPD version.

I've just had a chance to install and (very briefly) test beta-18 (not the
VR release), and it was a drop-in replacement for 2.4.2. I compiled it,
installed it, changed inetd.config to point to it, and was able to login
with no problem.

I am using the same config files with 2.4.2, Bero, and beta-18, all of
which are the sample files shipped with Bero and 'locallized'

Any further hints would be welcome as to why, with either of the 2 most
recent Bero releases running, I am unable to login, either as a real user,
or as anonymous. Reminder (as this is a much delayed response): System is
Solaris 2.4 with patches, compiler is gcc 2.8.1

molbio /usr/local/etc> sudo cat ftpaccess|grep -v '\#'

class all guest,anonymous *
class local real *
limit all 5 Any /etc/msgs/msg.dead
limit local 20 Any /etc/msgs/msg.dead
readme README* login
readme README* cwd=*
message /welcome.msg login
message .message cwd=*
compress yes all
tar yes all
log commands real
log transfers anonymous,real inbound,outbound
shutdown /etc/shutmsg
email [email protected]

Any further hints would be welcome.

Chad

Chad Price
Systems Manager
University of Nebraska Medical Center
600 S 42nd St
Omaha, NE 68506-6495
[email protected]
(402) 559-9527
(402) 559-4077 (FAX)

From [email protected] Tue Feb 2 16:54:03 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id QAA05333;
Tue, 2 Feb 1999 16:54:01 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA16647;
Tue, 2 Feb 1999 16:50:03 -0600 (CST)
Received: from mail1.dh.trw.com (mail1.dh.trw.com [129.193.109.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA26614
for <[email protected]>; Tue, 2 Feb 1999 16:48:41 -0600 (CST)
Received: from trw.com ([129.4.74.179]) by mail1.dh.trw.com
(Netscape Messaging Server 3.5) with ESMTP id AAA272F;
Tue, 2 Feb 1999 14:48:07 -0800
Message-Id: <[email protected]>
Date: Tue, 02 Feb 1999 14:48:05 -0800
Reply-To: [email protected]
Sender: [email protected]
From: "Scott Parmenter" <[email protected]>
To: "[email protected]" <[email protected]>
Cc: [email protected]
Subject: Re: Standalone problem
References: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.04 [en] (Win95; U)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

[email protected] wrote:

> On Tue, 2 Feb 1999, Scott Parmenter wrote:
>
> > When running the prerelease VR13 server standalone (-S), the child
> > dies sometime after pass() completes...
>
> I had similar problems with VR12 and put the fixes into VR13. Grab the
> current release, and if it doesn't fix things, let me know.

I just tried it with VR13, and the child still dies exactly the same.

> This didn't effect the inetd-mode daemon, but caused the children of the
> standalone-mode daemon to die with an acces violation (signal 11).

I'm not generating any signals, maybe it's something else? inetd-mode works
fine.

Scott

From [email protected] Tue Feb 2 20:21:21 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id UAA07790;
Tue, 2 Feb 1999 20:21:20 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id UAA05755;
Tue, 2 Feb 1999 20:17:38 -0600 (CST)
Received: from mail.rdc1.az.home.com ([email protected] [24.1.240.66])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id UAA27981
for <[email protected]>; Tue, 2 Feb 1999 20:16:30 -0600 (CST)
Received: from Howard ([24.1.245.117]) by mail.rdc1.az.home.com
(InterMail v4.00.03 201-229-104) with SMTP
id <19990203021623.NWLL6286.mail.rdc1.az.home.com@Howard>
for <[email protected]>; Tue, 2 Feb 1999 18:16:23 -0800
Message-Id: <[email protected]>
Date: Tue, 2 Feb 1999 19:16:07 -0700
Reply-To: [email protected]
Sender: [email protected]
From: "Howard Moneta" <[email protected]>
To: "wu-ftpd list" <[email protected]>
Subject: What is wrong?
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_000A_01BE4EE0.7BE1F7C0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.0810.800
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.0810.800
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

This is a multi-part message in MIME format.

------=_NextPart_000_000A_01BE4EE0.7BE1F7C0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I have just started to see a new problem. when I do an ftpwho command I =
am seeing the following...

Service class remote:
366 ? S 0:00 (in.ftpd)
351 ? S 0:07 (in.ftpd)
- 2 users ( 3 maximum)

Why isn't it reporting their connection information?

I am still using VR12

in.ftpd is a link pointing to ftpd

Thanks,

Howard
[email protected]

------=_NextPart_000_000A_01BE4EE0.7BE1F7C0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<HTML><HEAD>
<META content=3Dtext/html;charset=3Diso-8859-1 =
http-equiv=3DContent-Type>
<STYLE></STYLE>

<META content=3D'"MSHTML 5.00.0910.1309"' name=3DGENERATOR></HEAD>
<BODY bgColor=3D#ffffff>
<DIV>I have just started to see a new =
problem. =20
when I do an ftpwho command I am seeing the following...</DIV>
<DIV> </DIV>
<DIV>Service class remote:</DIV>
<DIV>   366 ? =
S     0:00=20
(in.ftpd)</DIV>
<DIV>   351 ? =
S    =20
0:07 (in.ftpd)</DIV>
<DIV>     =
-   2 users=20
( 3 maximum)</DIV>
<DIV> </DIV>
<DIV>Why isn't it reporting their connection =

information?</DIV>
<DIV> </DIV>
<DIV>I am still using VR12</DIV>
<DIV> </DIV>
<DIV>in.ftpd is a link pointing to =
ftpd</DIV>
<DIV> </DIV>
<DIV>Thanks,</DIV>
<DIV> </DIV>
<DIV>Howard</DIV>
<DIV><A=20
href=3D"mailto:[email protected]">[email protected]</A></DIV></BODY>=
</HTML>

------=_NextPart_000_000A_01BE4EE0.7BE1F7C0--

From [email protected] Tue Feb 2 22:30:44 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id WAA09337;
Tue, 2 Feb 1999 22:30:42 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id WAA23157;
Tue, 2 Feb 1999 22:27:28 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id WAA02207
for <[email protected]>; Tue, 2 Feb 1999 22:21:45 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id XAA07078;
Tue, 2 Feb 1999 23:21:28 -0500
Message-Id: <[email protected]>
Date: Tue, 2 Feb 1999 23:21:28 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Howard Moneta <[email protected]>
Cc: wu-ftpd list <[email protected]>
Subject: Re: What is wrong?
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 2 Feb 1999, Howard Moneta wrote:

> 366 ? S 0:00 (in.ftpd)
> 351 ? S 0:07 (in.ftpd)
> - 2 users ( 3 maximum)
>
> Why isn't it reporting their connection information?

I get strange results if there are old pid files laying about on restart.
Also, if I start the daemon without any environment there's not enough
space for the connection information, or what info is there is trucated.
Finally, check that the call to 'ps' used in ftpcount/ftpwho is correct
for your system.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Wed Feb 3 06:03:19 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13511;
Wed, 3 Feb 1999 06:03:18 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id FAA14429;
Wed, 3 Feb 1999 05:58:43 -0600 (CST)
Received: from relay.pair.com (relay1.pair.com [209.68.1.20])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id FAA00891
for <[email protected]>; Wed, 3 Feb 1999 05:51:49 -0600 (CST)
Received: from microsoft.sucks.eu.org ([email protected] [137.226.8.236])
by relay.pair.com (8.8.7/8.8.5) with SMTP id GAA11921;
Wed, 3 Feb 1999 06:52:37 -0500 (EST)
Message-Id: <Pine.LNX.4.04.9902022306400.13299-100000@k6.microsoft.sucks.eu.org>
Date: Tue, 2 Feb 1999 23:11:43 +0100 (CET)
Reply-To: [email protected]
Sender: [email protected]
From: Bernhard Rosenkraenzer <[email protected]>
To: Chad Price <[email protected]>
Cc: [email protected], [email protected]
Subject: RE: Bero 1.3.2 login problem/ Solaris 2.4
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 2 Feb 1999, Chad Price wrote:

> >Check in your
> >system log file why you are being denied access.
> It's not being logged.

Never seen a problem like that; usually you at least get some reason in
the syslog. (Do you really get absolutely nothing? Not even a "process
12345 died with signal 11" or something?)

Is there anything odd about your system? (Updated libraries or such)
What is the exact message you get when you're told you may not login?

> System is Solaris 2.4 with patches

which patches?

> compiler is gcc 2.8.1

That should work. Nothing wrong with your ftpaccess file or inetd.conf
either.

LLaP
bero

--
Windows 98 supports real multitasking - it can boot and crash simultaneously.
***
Anyone sending unwanted advertising e-mail to this address will be charged
$25 for network traffic and computing time. By extracting my address from
this message or its header, you agree to these terms.

From [email protected] Wed Feb 3 07:58:10 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id HAA14465;
Wed, 3 Feb 1999 07:58:09 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id HAA26513;
Wed, 3 Feb 1999 07:53:45 -0600 (CST)
Received: from bolide.adhoc.net (bolide.adhoc.net [195.103.67.34])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id HAA16770
for <[email protected]>; Wed, 3 Feb 1999 07:50:18 -0600 (CST)
Received: from cinetica.it (dialup-29.adhoc.net [195.103.67.221])
by bolide.adhoc.net (8.9.1(PIZZI)/8.9.1) with ESMTP id OAA17232
for <[email protected]>; Wed, 3 Feb 1999 14:48:55 +0100 (MET)
Message-Id: <[email protected]>
Date: Wed, 03 Feb 1999 15:02:33 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Sergio <[email protected]>
To: wu-ftpd list <[email protected]>
Subject: unsubscribe
References: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.05 (Macintosh; I; PPC)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi, all
Can anyone tell me the way to unsubscribe me from the list???

Thank you

From [email protected] Wed Feb 3 10:48:26 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA16570;
Wed, 3 Feb 1999 10:48:25 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA12684;
Wed, 3 Feb 1999 10:43:33 -0600 (CST)
Received: from garcon.qtm.net (garcon.qtm.net [206.53.233.50])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA12087
for <[email protected]>; Wed, 3 Feb 1999 10:37:41 -0600 (CST)
Received: from bugsbunny (bugsbunny.qtm.net [206.53.233.63])
by garcon.qtm.net (8.9.1/8.9.1) with SMTP id LAA16754
for <[email protected]>; Wed, 3 Feb 1999 11:38:00 -0500 (EST)
Message-Id: <[email protected]>
Date: Wed, 3 Feb 1999 11:37:29 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "J Peterson" <[email protected]>
To: "Wu-Ftpd List" <[email protected]>
Subject: FreeBSD and wuftpd
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi there, I'm using FreeBSD and was wondering if wuftpd will work on that
OS?
I tried build bsd but it came up with a million errors (ok, maybe half a
mil)
Any input would be appreciated.. following is the error set..

Thanks!

# build bsd
make args are :
make opts are :

Linking Makefiles.

Making support library.
cc -O -DDEBUG -c fnmatch.c
cc -O -DDEBUG -c strcasestr.c
cc -O -DDEBUG -c authuser.c
In file included from authuser.c:7:
/usr/include/arpa/inet.h:71: warning: parameter has incomplete type
/usr/include/arpa/inet.h:74: warning: parameter has incomplete type
/usr/include/arpa/inet.h:78: warning: parameter has incomplete type
cc -O -DDEBUG -c ftw.c
In file included from ftw.c:28:
/usr/include/sys/dir.h:41: warning: #warning "The information in this file
should be obtained from <dirent.h>"
/usr/include/sys/dir.h:42: warning: #warning "and is provided solely (and
temporarily) for backward compatibility."
ftw.c: In function `chwalk':
ftw.c:187: conflicting types for `malloc'
/usr/include/stdlib.h:100: previous declaration of `malloc'
*** Error code 1

Stop.

Making ftpd.
cc -O -DDEBUG -I.. -I../support -L../support -c ftpd.c
In file included from ftpd.c:116:
/usr/include/sys/dir.h:41: warning: #warning "The information in this file
should be obtained from <dirent.h>"
/usr/include/sys/dir.h:42: warning: #warning "and is provided solely (and
temporarily) for backward compatibility."
ftpd.c:143: conflicting types for `realpath'
/usr/include/stdlib.h:166: previous declaration of `realpath'
*** Error code 1

Stop.

Making ftpcount.
cc -O -DDEBUG -I.. -I../support -L../support -o ftpcount ftpcount.c
vers.o -lsupport
cc: vers.o: No such file or directory
*** Error code 1

Stop.

Making ftpshut.
cc -O -DDEBUG -I.. -I../support -L../support -o ftpshut ftpshut.c
vers.o -lsupport
cc: vers.o: No such file or directory
*** Error code 1

Stop.

Making ckconfig.
cc -O -DDEBUG -I.. -I../support -L../support -o ckconfig ckconfig.c

Links to executables are in bin directory:
size: bin/ftpd: No such file or directory
size: bin/ftpcount: No such file or directory
size: bin/ftpshut: No such file or directory
size: bin/ftpwho: No such file or directory
text data bss dec hex
4096 4096 0 8192 2000 bin/ckconfig
Done

From [email protected] Wed Feb 3 10:59:50 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA16716;
Wed, 3 Feb 1999 10:59:46 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA26660;
Wed, 3 Feb 1999 10:56:24 -0600 (CST)
Received: from mtiwmhc05.worldnet.att.net (mtiwmhc05.worldnet.att.net [204.127.131.40])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA31081
for <[email protected]>; Wed, 3 Feb 1999 10:51:10 -0600 (CST)
Received: from healer.com ([12.77.216.204]) by mtiwmhc05.worldnet.att.net
(InterMail v03.02.07 118 124) with ESMTP
id <[email protected]>;
Wed, 3 Feb 1999 16:50:39 +0000
Message-Id: <[email protected]>
Date: Wed, 03 Feb 1999 12:08:42 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Coranth Gryphon <[email protected]>
To: [email protected]
Cc: Wu-Ftpd List <[email protected]>
Subject: Re: FreeBSD and wuftpd
References: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.05 [en] (Win95; U)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> Hi there, I'm using FreeBSD and was wondering if wuftpd will work on

I'm running wu-2.4.2-Beta-18 (plus the Daemon patch) quite happily
on FreeBSD 2.2.8-Release.

It compiled clean out of the box for me (except for some tweaks
to make some names in the Daemon patch not conflict).

If you like, I can make the source tarball I use available.

-coranth

From [email protected] Wed Feb 3 11:07:25 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA16803;
Wed, 3 Feb 1999 11:07:22 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA00926;
Wed, 3 Feb 1999 11:02:49 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA21450
for <[email protected]>; Wed, 3 Feb 1999 10:59:55 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id LAA12302;
Wed, 3 Feb 1999 11:59:38 -0500
Message-Id: <[email protected]>
Date: Wed, 3 Feb 1999 11:59:38 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: J Peterson <[email protected]>
Cc: Wu-Ftpd List <[email protected]>
Subject: Re: FreeBSD and wuftpd
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Version numbers would help.

The location of the latest version of wu-ftpd can be found in the
directory

ftp://ftp.academ.com/pub/wu-ftpd/private/

You can't see the directory contents, so read the message informing you
of the actual filename to retrieve. It's there.

wu-ftpd Resource Center: http://www.landfield.com/wu-ftpd/
wu-ftpd FAQ: http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html
wu-ftpd list archive: http://www.landfield.com/wu-ftpd/mail-archive/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Wed Feb 3 11:32:08 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA17209;
Wed, 3 Feb 1999 11:32:05 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA19301;
Wed, 3 Feb 1999 11:28:53 -0600 (CST)
Received: from trapper.unbc.ca (trapper.unbc.ca [142.207.144.4])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA17341
for <[email protected]>; Wed, 3 Feb 1999 11:22:34 -0600 (CST)
Received: from ugrad.unbc.ca (ugrad.unbc.ca [142.207.112.20]) by trapper.unbc.ca with SMTP (8.7.1/UNBC-1.0H)
id JAA07380 (from [email protected]); Wed, 3 Feb 1999 09:21:18 -0800 (PST)
Message-Id: <[email protected]>
Date: Wed, 3 Feb 1999 09:21:13 -0800 (PST)
Reply-To: [email protected]
Sender: [email protected]
From: Chang Cheng Chao <[email protected]>
To: Sergio <[email protected]>
Cc: wu-ftpd list <[email protected]>
Subject: Re: unsubscribe
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Can you tell me too? Thanks.

On Wed, 3 Feb 1999, Sergio wrote:

> Hi, all
> Can anyone tell me the way to unsubscribe me from the list???
>
> Thank you
>

From [email protected] Wed Feb 3 11:52:45 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA17513;
Wed, 3 Feb 1999 11:52:42 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA08440;
Wed, 3 Feb 1999 11:48:37 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA00520
for <[email protected]>; Wed, 3 Feb 1999 11:41:47 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id MAA12686
for <[email protected]>; Wed, 3 Feb 1999 12:41:42 -0500
Message-Id: <[email protected]>
Date: Wed, 3 Feb 1999 12:41:42 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: Howto unsubscribe
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Read the FAQ at http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html

From [email protected] Wed Feb 3 12:04:52 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA17666;
Wed, 3 Feb 1999 12:04:47 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA26922;
Wed, 3 Feb 1999 12:01:12 -0600 (CST)
Received: from relay.pair.com (relay1.pair.com [209.68.1.20])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA22165
for <[email protected]>; Wed, 3 Feb 1999 11:58:04 -0600 (CST)
Received: from microsoft.sucks.eu.org ([email protected] [137.226.8.162])
by relay.pair.com (8.8.7/8.8.5) with SMTP id MAA08263;
Wed, 3 Feb 1999 12:49:14 -0500 (EST)
Message-Id: <Pine.LNX.4.04.9902031829390.1481-100000@k6.microsoft.sucks.eu.org>
Date: Wed, 3 Feb 1999 18:30:32 +0100 (CET)
Reply-To: [email protected]
Sender: [email protected]
From: Bernhard Rosenkraenzer <[email protected]>
To: J Peterson <[email protected]>
Cc: Wu-Ftpd List <[email protected]>
Subject: Re: FreeBSD and wuftpd
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Wed, 3 Feb 1999, J Peterson wrote:

> Hi there, I'm using FreeBSD and was wondering if wuftpd will work on that
> OS?
> I tried build bsd but it came up with a million errors (ok, maybe half a
> mil)
> Any input would be appreciated.. following is the error set..

Any recent version should work - if it doesn't, try BeroFTPD (main
development platforms for this are Linux and FreeBSD, so it'll
definately work on FreeBSD).

LLaP
bero

--
Windows 98 supports real multitasking - it can boot and crash simultaneously.
***
Anyone sending unwanted advertising e-mail to this address will be charged
$25 for network traffic and computing time. By extracting my address from
this message or its header, you agree to these terms.

From [email protected] Wed Feb 3 12:50:38 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA18175;
Wed, 3 Feb 1999 12:50:30 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA02396;
Wed, 3 Feb 1999 12:46:17 -0600 (CST)
Received: from garcon.qtm.net (garcon.qtm.net [206.53.233.50])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA21237
for <[email protected]>; Wed, 3 Feb 1999 12:45:13 -0600 (CST)
Received: from bugsbunny (bugsbunny.qtm.net [206.53.233.63])
by garcon.qtm.net (8.9.1/8.9.1) with SMTP id NAA15866
for <[email protected]>; Wed, 3 Feb 1999 13:45:15 -0500 (EST)
Message-Id: <[email protected]>
Date: Wed, 3 Feb 1999 13:44:43 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "J Peterson" <[email protected]>
To: "Wu-Ftpd List" <[email protected]>
Subject: Ok, got it to work, now what about conversions?
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Just wondering what I'm doing wrong here..
I have it running on port 2100 simply because I'm not ready to put it in
place yet :)
but I cant seem to get the conversions to work correctly.. i.e. get
dirname.tgz
the paths are correct for gzip and tar in the ftpconversions file..
Thanks :)

-Joseph

/etc/services
ftp2 2100/tcp #File Transfer [Control]
ftp2 2100/udp #File Transfer [Control]
/etc/inetd/conf
ftp2 stream tcp nowait root /usr/local/libexec/ftpd ftpd
/usr/local/etc/ftpconversions
:.Z: : :/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
: : :.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
:.gz: : :/usr/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP
: : :.gz:/usr/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP
: : :.tar:/bin/tar -c -f - %s:T_REG|T_DIR:O_TAR:TAR
: : :.tar.Z:/bin/tar -c -Z -f -
%s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
: : :.tar.gz:/bin/tar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP
: : :.tgz:/bin/tar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP

# ftp garcon.qtm.net 2100
220 garcon.qtm.net FTP server (Version wu-2.4.2-academ[BETA-18](1) Wed Feb 3
12:58:36 EST 1999) ready.
Name (ftp:jay):
331 Password required for jay.
Password:
230 User jay logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -la
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
total 5358
drwxrwxr-x 7 jay www 1024 Jan 29 05:44 www
-rw-r--r-- 1 jay user 0 Feb 1 10:02 xferlog
226 Transfer complete.
ftp> get www.tgz
local: www.tgz remote: www.tgz
200 PORT command successful.
550 www.tgz: No such file or directory.
ftp>

From [email protected] Wed Feb 3 13:10:12 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA18423;
Wed, 3 Feb 1999 13:10:11 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA18354;
Wed, 3 Feb 1999 13:06:02 -0600 (CST)
Received: from wolverine.emji.net (wolverine.emji.net [207.22.135.6])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA24571
for <[email protected]>; Wed, 3 Feb 1999 13:00:07 -0600 (CST)
Received: from pb3400w.emji.net (pb3400w.emji.net [207.100.38.16])
by wolverine.emji.net (8.8.8/8.8.7) with ESMTP id NAA24036;
Wed, 3 Feb 1999 13:59:50 -0500
Message-Id: <[email protected]>
Date: Wed, 03 Feb 1999 13:59:41 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Scott R. Every" <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: compile problems on solaris
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Mailer: Mulberry (MacOS) [1.4.0, s/n U-200388]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Every time I compile on 2.6 I am getting the following errors:
(cd support ; make all)
rm -f libsupport.a
ar cq libsupport.a authuser.o strcasestr.o strsep.o
ld.so.1: ar: fatal: libelf.so.1: version `SUNW_1.2' not found (required by file
ar)
*** Signal 9
make: Fatal error: Command failed for target `all'
Current working directory /export/home/test/BeroFTPD-1.3.2/support
*** Error code 1
make: Fatal error: Command failed for target `all'

I have read the Solaris FAQ and loaded all the necessary include files and
libraries to compile. In fact, the same install works fine on another machine.

Any ideas what this 'SUNW_1.2' is and how I can re-install it?

thanx

s

--
Scott R. Every "Everything is controlled by a small evil group to
EMJ Internet which, unfortunately, no one we know belongs."
voice : 1-800-548-2319 fax : 1-919-363-4423 mailto:[email protected]
WWW - http://www.emji.net

Do you believe in Macintosh? Learn how to help the cause by
subscribing to the "EvangeList" listserver! Send email to:
<[email protected]> or go to:
<http://www.lists.apple.com/>

From [email protected] Thu Feb 4 01:07:12 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id BAA27374;
Thu, 4 Feb 1999 01:07:12 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id BAA09560;
Thu, 4 Feb 1999 01:02:38 -0600 (CST)
Received: from mink.cdu.elektra.ru (mink.cdu.elektra.ru [193.125.114.65])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id AAA24621
for <[email protected]>; Thu, 4 Feb 1999 00:57:00 -0600 (CST)
Received: from mailhub-slave.cdo.ups.ru(10.10.10.51) by mink.cdu.elektra.ru via smap (V2.1)
id xma019858; Thu, 4 Feb 99 09:56:25 +0300
Received: from zabortsev.cdo.ups.ru(10.6.17.33) by mailhub-slave.cdo.ups.ru via smap (V2.1)
id xma018387; Thu, 4 Feb 99 09:56:06 +0300
Message-Id: <[email protected]>
Date: Thu, 4 Feb 1999 09:56:06 +0300
Reply-To: [email protected]
Sender: [email protected]
From: "Pavel P. Zabortsev" <[email protected]>
To: "WU-FTPD mailing list" <[email protected]>
Subject: Passive FTP & Web browsers
MIME-Version: 1.0
Content-Type: text/plain;
charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.5
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi.

Is there any way to disable PASSIVE command on wu-ftpd?

This is because our FTP-server is behind Firewall, which forbids passive
mode for ftp by packets filtrations. Web browsers use passive mode for
access to FTP-servers (correct me, if I mistaken). The result is
impossibility to access this FTP-server!

Yours sincerely,
Pavel

-----------------------------------------------------------------
Pavel P. Zabortsev e-mail: [email protected], [email protected]
Software engineer voice: 220-4350, 220-4513, 22-87
CDO UPS of Russia fax: 220-6542
Moscow, Russia ICQ: 15371542
-----------------------------------------------------------------

From [email protected] Thu Feb 4 04:32:47 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id EAA29007;
Thu, 4 Feb 1999 04:32:46 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id EAA16844;
Thu, 4 Feb 1999 04:28:21 -0600 (CST)
Received: from irene.ctv.es (irene.ctv.es [212.25.129.13])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id EAA17284
for <[email protected]>; Thu, 4 Feb 1999 04:21:01 -0600 (CST)
Received: from ctv.es ([192.168.8.9])
by irene.ctv.es (8.9.1b+Sun/8.9.1) with ESMTP id LAA04577
for <[email protected]>; Thu, 4 Feb 1999 11:19:54 +0100 (MET)
Message-Id: <[email protected]>
Date: Thu, 04 Feb 1999 11:14:26 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Carles Xavier Munyoz =?iso-8859-1?Q?Bald=F3?= <[email protected]>
To: Lista WU-FTP <[email protected]>
Subject: Too many files.
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Sender: [email protected]
X-Envelope-To: <[email protected]>
X-Mailer: Mozilla 4.5 [en] (X11; I; Linux 2.0.36 i586)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hello,

One of my users is having the next problem.
When he sends a lot of files the ftp server stops the transfer (the
connection is not finished, but there is no more transfer of files).
He's using Cute-FTP as client.
Which may be the problem ?

Thanks in advanced.
---
CTV Internet [http://www.ctv.es]
Carles Xavier Munyoz Bald� / [email protected] / [email protected]
http://www.ctv.es/USERS/carles
Clave p�blica PGP / PGP public KEY
http://www.ctv.es/PGP-STAFF/carles.html
Dpto. Sistemas / Ingeniero Inform�tico
Tel: +34 (9)6 5845291 - Fax: +34 (9)6 5844896
---

From [email protected] Thu Feb 4 04:33:45 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id EAA29027;
Thu, 4 Feb 1999 04:33:44 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id EAA32440;
Thu, 4 Feb 1999 04:30:41 -0600 (CST)
Received: from irene.ctv.es (irene.ctv.es [212.25.129.13])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id EAA03534
for <[email protected]>; Thu, 4 Feb 1999 04:22:03 -0600 (CST)
Received: from ctv.es ([192.168.8.9])
by irene.ctv.es (8.9.1b+Sun/8.9.1) with ESMTP id LAA04726
for <[email protected]>; Thu, 4 Feb 1999 11:21:27 +0100 (MET)
Message-Id: <[email protected]>
Date: Thu, 04 Feb 1999 11:15:59 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Carles Xavier Munyoz =?iso-8859-1?Q?Bald=F3?= <[email protected]>
To: Lista WU-FTP <[email protected]>
Subject: FTPD standalone.
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Sender: [email protected]
X-Envelope-To: <[email protected]>
X-Mailer: Mozilla 4.5 [en] (X11; I; Linux 2.0.36 i586)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hello,

How can I make my wu-ftpd server acts as a standalone server, whitout
the need of inetd ?

Thanks.
---
CTV Internet [http://www.ctv.es]
Carles Xavier Munyoz Bald� / [email protected] / [email protected]
http://www.ctv.es/USERS/carles
Clave p�blica PGP / PGP public KEY
http://www.ctv.es/PGP-STAFF/carles.html
Dpto. Sistemas / Ingeniero Inform�tico
Tel: +34 (9)6 5845291 - Fax: +34 (9)6 5844896
---

From [email protected] Thu Feb 4 05:50:48 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id FAA29622;
Thu, 4 Feb 1999 05:50:47 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id FAA12111;
Thu, 4 Feb 1999 05:46:26 -0600 (CST)
Received: from relay.pair.com (relay1.pair.com [209.68.1.20])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id FAA17919
for <[email protected]>; Thu, 4 Feb 1999 05:44:01 -0600 (CST)
Received: from microsoft.sucks.eu.org ([email protected] [137.226.8.215])
by relay.pair.com (8.8.7/8.8.5) with SMTP id GAA22711;
Thu, 4 Feb 1999 06:45:38 -0500 (EST)
Message-Id: <Pine.LNX.4.04.9902041225460.17582-100000@k6.microsoft.sucks.eu.org>
Date: Thu, 4 Feb 1999 12:26:00 +0100 (CET)
Reply-To: [email protected]
Sender: [email protected]
From: Bernhard Rosenkraenzer <[email protected]>
To: Carles Xavier Munyoz =?iso-8859-1?Q?Bald=F3?= <[email protected]>
Cc: Lista WU-FTP <[email protected]>
Subject: Re: FTPD standalone.
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by wugate.wustl.edu id FAA03615
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 4 Feb 1999, Carles Xavier Munyoz Bald� wrote:

> How can I make my wu-ftpd server acts as a standalone server, whitout
> the need of inetd ?

By upgrading to either the VR version or BeroFTPD.

LLaP
bero

--
Windows 98 supports real multitasking - it can boot and crash simultaneously.
***
Anyone sending unwanted advertising e-mail to this address will be charged
$25 for network traffic and computing time. By extracting my address from
this message or its header, you agree to these terms.

From [email protected] Thu Feb 4 06:20:12 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA00398;
Thu, 4 Feb 1999 06:20:12 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id GAA10637;
Thu, 4 Feb 1999 06:17:11 -0600 (CST)
Received: from pdns.axidia.fr (pdns.axidia.fr [62.160.201.66])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id GAA22629
for <[email protected]>; Thu, 4 Feb 1999 06:14:55 -0600 (CST)
Received: by pdns.axidia.fr; (5.65v3.2/1.3/10May95) id AA16922; Thu, 4 Feb 1999 14:18:37 +0100
Received: from somewhere by smtpxd
Message-Id: <[email protected]>
Date: Thu, 04 Feb 1999 13:19:08 +0100
Reply-To: [email protected]
Sender: [email protected]
From: "Philippe CALVEZ" <[email protected]>
To: WU-FTP <[email protected]>
Subject: LDAP connector
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.5 [fr] (WinNT; I)
X-Accept-Language: fr
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

hello,

Is it possible with WU-FTPD to authenticate users on an LDAP server ?

Thanks,
__
Philippe Calvez
Axidia

From [email protected] Thu Feb 4 06:59:58 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA00760;
Thu, 4 Feb 1999 06:59:57 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id GAA27378;
Thu, 4 Feb 1999 06:56:44 -0600 (CST)
Received: from btm4r4.alcatel.be (btm4r4.alcatel.be [195.207.101.110])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id GAA10078
for <[email protected]>; Thu, 4 Feb 1999 06:51:56 -0600 (CST)
Received: from net024.god.bel.alcatel.be ([email protected] [138.203.207.24])
by btm4r4.alcatel.be (8.9.1a/8.9.1) with ESMTP id NAA29632
for <[email protected]>; Thu, 4 Feb 1999 13:51:22 +0100 (MET)
Received: from alcatel.be ([email protected] [138.203.207.24])
by net024.god.bel.alcatel.be (8.8.7/8.8.7) with ESMTP id NAA03899;
Thu, 4 Feb 1999 13:51:19 +0100 (MET)
Message-Id: <[email protected]>
Date: Thu, 04 Feb 1999 13:51:19 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Timpie <[email protected]>
To: wu-ftp mailing list <[email protected]>
Cc: [email protected]
Subject: umask setting not possible ?
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.07 [en] (X11; I; HP-UX B.10.01 9000/735)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hey there,

I've set up an ftp server and puzzled with the following problem.
I need users from a certain class with type guest umasked to 777
for all the files they upload to their chrooted dirs. Unfortunately
>From what I understand only Anonymous type users can be setup
this way ... or am I mistaken ?

Any of you know something I don't, coz right now I have a cron
job scheduled every 15 minutes to chmod the files in the specific
dirs ... Stoopid but hey at least I get the job done for now

... anyone

--
Tim Schelfhout
Alcanet
Sys admin

From [email protected] Thu Feb 4 07:00:47 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id HAA00785;
Thu, 4 Feb 1999 07:00:47 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id GAA25661;
Thu, 4 Feb 1999 06:57:44 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id GAA07181
for <[email protected]>; Thu, 4 Feb 1999 06:56:08 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id HAA19882;
Thu, 4 Feb 1999 07:55:54 -0500
Message-Id: <[email protected]>
Date: Thu, 4 Feb 1999 07:55:53 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "Pavel P. Zabortsev" <[email protected]>
Cc: WU-FTPD mailing list <[email protected]>
Subject: Re: Passive FTP & Web browsers
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 4 Feb 1999, Pavel P. Zabortsev wrote:

> Is there any way to disable PASSIVE command on wu-ftpd?
>
> This is because our FTP-server is behind Firewall, which forbids
> passive mode for ftp by packets filtrations. Web browsers use passive
> mode for access to FTP-servers (correct me, if I mistaken). The result
> is impossibility to access this FTP-server!

The current VR version has this feature, as does the current BeroFTPD
version (I believe). Both are available at my ftp site:
ftp://ftp.vr.net/pub/wu-ftpd/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 4 07:08:24 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id HAA00855;
Thu, 4 Feb 1999 07:08:23 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id HAA05602;
Thu, 4 Feb 1999 07:04:05 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id HAA13402
for <[email protected]>; Thu, 4 Feb 1999 07:02:02 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id IAA19934;
Thu, 4 Feb 1999 08:01:56 -0500
Message-Id: <[email protected]>
Date: Thu, 4 Feb 1999 08:01:56 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Philippe CALVEZ <[email protected]>
Cc: WU-FTP <[email protected]>
Subject: Re: LDAP connector
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 4 Feb 1999, Philippe CALVEZ wrote:

> Is it possible with WU-FTPD to authenticate users on an LDAP server ?

No. Excellent itea, though. If noone has it, look for PAM patches for
the daemon and install the method in the PAM stack.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 4 07:08:28 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id HAA00863;
Thu, 4 Feb 1999 07:08:27 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id HAA02174;
Thu, 4 Feb 1999 07:02:56 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id GAA30440
for <[email protected]>; Thu, 4 Feb 1999 06:58:44 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id HAA19906;
Thu, 4 Feb 1999 07:58:33 -0500
Message-Id: <[email protected]>
Date: Thu, 4 Feb 1999 07:58:33 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Carles Xavier Munyoz =?iso-8859-1?Q?Bald=F3?= <[email protected]>
Cc: Lista WU-FTP <[email protected]>
Subject: Re: Too many files.
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by wugate.wustl.edu id GAA29402
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 4 Feb 1999, Carles Xavier Munyoz [iso-8859-1] Bald� wrote:

> When he sends a lot of files the ftp server stops the transfer (the
> connection is not finished, but there is no more transfer of files).
> He's using Cute-FTP as client. Which may be the problem ?

That's hard to say. I'd look for either communication errors or an ISP
with a quota of some sort (I understand, for instance, that AOL has time
limits).

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 4 07:08:34 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id HAA00871;
Thu, 4 Feb 1999 07:08:33 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id HAA25044;
Thu, 4 Feb 1999 07:03:28 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id GAA18538
for <[email protected]>; Thu, 4 Feb 1999 06:59:41 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id HAA19916;
Thu, 4 Feb 1999 07:59:34 -0500
Message-Id: <[email protected]>
Date: Thu, 4 Feb 1999 07:59:34 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Carles Xavier Munyoz =?iso-8859-1?Q?Bald=F3?= <[email protected]>
Cc: Lista WU-FTP <[email protected]>
Subject: Re: FTPD standalone.
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by wugate.wustl.edu id GAA07678
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 4 Feb 1999, Carles Xavier Munyoz [iso-8859-1] Bald� wrote:

> How can I make my wu-ftpd server acts as a standalone server, whitout
> the need of inetd ?

Run either the VR or BeroFTPD version. Both are available from my FTP
site ftp://ftp.vr.net/pub/wu-ftpd/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 4 07:12:33 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id HAA00931;
Thu, 4 Feb 1999 07:12:33 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id HAA22909;
Thu, 4 Feb 1999 07:09:30 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id HAA09959
for <[email protected]>; Thu, 4 Feb 1999 07:04:31 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id IAA19954;
Thu, 4 Feb 1999 08:04:07 -0500
Message-Id: <[email protected]>
Date: Thu, 4 Feb 1999 08:04:06 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Timpie <[email protected]>
Cc: wu-ftp mailing list <[email protected]>, [email protected]
Subject: Re: umask setting not possible ?
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 4 Feb 1999, Timpie wrote:

> I've set up an ftp server and puzzled with the following problem. I
> need users from a certain class with type guest umasked to 777 for all
> the files they upload to their chrooted dirs. Unfortunately >From
> what I understand only Anonymous type users can be setup this way ...
> or am I mistaken ?

guestgroup. read the FAQ.

> Any of you know something I don't, coz right now I have a cron job
> scheduled every 15 minutes to chmod the files in the specific dirs ...
> Stoopid but hey at least I get the job done for now

The VR and BeroFTPD versions also have additional umask and permission
features. They are available from my ftp site:
ftp://ftp.vr.net/pub/wu-ftpd/

The location of the latest version of wu-ftpd can be found in the
directory

ftp://ftp.academ.com/pub/wu-ftpd/private/

You can't see the directory contents, so read the message informing you
of the actual filename to retrieve. It's there.

wu-ftpd Resource Center: http://www.landfield.com/wu-ftpd/
wu-ftpd FAQ: http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html
wu-ftpd list archive: http://www.landfield.com/wu-ftpd/mail-archive/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 4 08:24:18 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id IAA01682;
Thu, 4 Feb 1999 08:24:17 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id IAA03470;
Thu, 4 Feb 1999 08:20:57 -0600 (CST)
Received: from btm4r4.alcatel.be (btm4r4.alcatel.be [195.207.101.110])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id IAA14832
for <[email protected]>; Thu, 4 Feb 1999 08:17:41 -0600 (CST)
Received: from bt00i8.net.alcatel.be ([email protected] [138.203.146.208])
by btm4r4.alcatel.be (8.9.1a/8.9.1) with ESMTP id PAA08444;
Thu, 4 Feb 1999 15:17:08 +0100 (MET)
Received: from localhost (root@localhost) by bt00i8.net.alcatel.be with SMTP (8.7.6/8.7.1) id PAA20555; Thu, 4 Feb 1999 15:17:07 +0100 (MET)
Message-Id: <H000080101b784dc@MHS>
Date: Thu, 4 Feb 99 15:16:55 +0100
Reply-To: [email protected]
Sender: [email protected]
From: [email protected]
To: [email protected]
Cc: [email protected], [email protected]
Subject: RE: umask setting not possible ?
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="openmail-part-0484255c-00000001"
X-OpenMail-Hops: 1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

--openmail-part-0484255c-00000001
Content-Type: text/plain; charset=US-ASCII; name="BDY.TXT"
Content-Disposition: inline; filename="BDY.TXT"
Content-Transfer-Encoding: 7bit

Excuse me, I read the FAQ and maybe I'm missing something here but I
just don't see
where 'guestgroup' would solve my problem ? Where would I set the
umask on the
dirs, unless I could provide it to chroot at the time it's actually
executed where
I would put something in the home-dir field in /etc/passwd like this :

melco:x:620:21:FTP users:/data1/home/melco.umask 000:/bin/false

.. assuming chroot would read the command after the '.' but I don't
think it would work.

Jeeze ... maybe I should check out BeroFTPD that seems to have
additional umask features ...

Timpie

-----Original Message-----
From: lundberg+wuftpd /SMTP/[email protected]
[mailto:[email protected]]
Sent: Thursday, February 04, 1999 2:04 PM
To: tim.schelfhout /belx1/[email protected]
Cc: lundberg+wuftpd /SMTP/[email protected]; wu-ftpd
/SMTP/[email protected]; schelfht
/belx1/[email protected]
Subject: Re: umask setting not possible ?

On Thu, 4 Feb 1999, Timpie wrote:

> I've set up an ftp server and puzzled with the following problem. I
> need users from a certain class with type guest umasked to 777 for all
> the files they upload to their chrooted dirs. Unfortunately >From
> what I understand only Anonymous type users can be setup this way ...
> or am I mistaken ?

guestgroup. read the FAQ.

> Any of you know something I don't, coz right now I have a cron job
> scheduled every 15 minutes to chmod the files in the specific dirs
..
> Stoopid but hey at least I get the job done for now

The VR and BeroFTPD versions also have additional umask and permission
features. They are available from my ftp site:
ftp://ftp.vr.net/pub/wu-ftpd/

The location of the latest version of wu-ftpd can be found in the
directory

ftp://ftp.academ.com/pub/wu-ftpd/private/

You can't see the directory contents, so read the message informing you
of the actual filename to retrieve. It's there.

wu-ftpd Resource Center: http://www.landfield.com/wu-ftpd/
wu-ftpd FAQ: http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html
wu-ftpd list archive: http://www.landfield.com/wu-ftpd/mail-archive/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

--openmail-part-0484255c-00000001
Content-Type: application/x-openmail-1734; name="WINMAIL.DAT"
Content-Disposition: attachment; filename="WINMAIL.DAT"
Content-Transfer-Encoding: base64

eJ8+IpfzAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5N
aWNyb3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEgAEAIQAAAFJFOiB1bWFzayBz
ZXR0aW5nIG5vdCBwb3NzaWJsZSA/AIELAQWAAwAOAAAAzwcCAAQADwAQADQABAAzAQEAgAAA
RwAAAAQARwAYAB8AU2NoZWxmaG91dCwgVGltIC9ORVRINAAAT1BFTk1BSUw6VGltIFNjaGVs
ZmhvdXQgL05FVEg0AAAAAAAAAAAAXxEBIIADAA4AAADPBwIABAAPAAkAOwAEADMBAQmAAQAh
AAAANDNBMzgwQ0MxMEJDRDIxMTgzNTYwMDYwOTc5MTc2QjIA3gYBA5AGAIgDAAAlAAAACwAC
AAEAAAALACMAAAAAAAMAJgAAAAAACwApAAAAAAALACsAAAAAAAMALgAAAAAAAwA2AAAAAABA
ADkAYLrFAklQvgEeAEIAAQAAABcAAABTY2hlbGZob3V0LCBUaW0gL05FVEg0AABAAEgA0JXJ
A0lQvgEeAHAAAQAAAB0AAAB1bWFzayBzZXR0aW5nIG5vdCBwb3NzaWJsZSA/AAAAAAIBcQAB
AAAAFgAAAAG+UEkCu8yAo0i8EBHSg1YAYJeRdrIAAB4AGgwBAAAAFwAAAFNjaGVsZmhvdXQs
IFRpbSAvTkVUSDQAAAIBHQwBAAAAHwAAAE9QRU5NQUlMOlRJTSBTQ0hFTEZIT1VUIC9ORVRI
NAAAHgAeDAEAAAAJAAAAT1BFTk1BSUwAAAAAHgAfDAEAAAAWAAAAVGltIFNjaGVsZmhvdXQg
L05FVEg0AAAAHgBCEAEAAAABAAAAAAAAAAMAgBD/////QAAHMLC6pqZGUL4BQAAIMPBiCw1I
UL4BAwDeP69vAAALAACACCAGAAAAAADAAAAAAAAARgAAAAADhQAAAAAAAAMAAoAIIAYAAAAA
AMAAAAAAAABGAAAAABCFAAAAAAAAAwAIgAggBgAAAAAAwAAAAAAAAEYAAAAAAYUAAAAAAAAD
ABeACCAGAAAAAADAAAAAAAAARgAAAABShQAA8BMAAB4AGIAIIAYAAAAAAMAAAAAAAABGAAAA
AFSFAAABAAAABAAAADguNQALABmACCAGAAAAAADAAAAAAAAARgAAAAAGhQAAAAAAAAsAHYAI
IAYAAAAAAMAAAAAAAABGAAAAAA6FAAAAAAAAAwAegAggBgAAAAAAwAAAAAAAAEYAAAAAEYUA
AAAAAAADACCACCAGAAAAAADAAAAAAAAARgAAAAAYhQAAAAAAAB4AL4AIIAYAAAAAAMAAAAAA
AABGAAAAADaFAAABAAAAAQAAAAAAAAAeADCACCAGAAAAAADAAAAAAAAARgAAAAA3hQAAAQAA
AAEAAAAAAAAAHgAxgAggBgAAAAAAwAAAAAAAAEYAAAAAOIUAAAEAAAABAAAAAAAAAAsAPIAL
IAYAAAAAAMAAAAAAAABGAAAAAACIAAAAAAAACwA+gAsgBgAAAAAAwAAAAAAAAEYAAAAABYgA
AAAAAAAeAD0AAQAAAAUAAABSRTogAAAAAAMADTT9NwAAC3c=

--openmail-part-0484255c-00000001--

From [email protected] Thu Feb 4 08:36:55 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id IAA01835;
Thu, 4 Feb 1999 08:36:55 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id IAA00674;
Thu, 4 Feb 1999 08:33:43 -0600 (CST)
Received: from mtiwmhc06.worldnet.att.net (mtiwmhc06.worldnet.att.net [204.127.131.41])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id IAA08249
for <[email protected]>; Thu, 4 Feb 1999 08:30:29 -0600 (CST)
Received: from healer.com ([12.77.217.134]) by mtiwmhc06.worldnet.att.net
(InterMail v03.02.07 118 124) with ESMTP
id <[email protected]>;
Thu, 4 Feb 1999 14:29:58 +0000
Message-Id: <[email protected]>
Date: Thu, 04 Feb 1999 09:48:15 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Coranth Gryphon <[email protected]>
To: [email protected]
Cc: "Carles Xavier Munyoz Bald�" <[email protected]>,
Lista WU-FTP <[email protected]>
Subject: Re: FTPD standalone.
References: <Pine.LNX.4.04.9902041225460.17582-100000@k6.microsoft.sucks.eu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.05 [en] (Win95; U)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> > How can I make my wu-ftpd server acts as a standalone server, whitout
> > the need of inetd ?
>
> By upgrading to either the VR version or BeroFTPD.

FWIW, I have the daemon (standalone mode) patch to 2.4.2-Beta-18
isolated, so if that's all someone needs, you can apply just that.

-coranth

From [email protected] Thu Feb 4 09:03:15 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA02293;
Thu, 4 Feb 1999 09:03:14 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id IAA04804;
Thu, 4 Feb 1999 08:59:47 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id IAA12964
for <[email protected]>; Thu, 4 Feb 1999 08:54:41 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id JAA20716;
Thu, 4 Feb 1999 09:54:25 -0500
Message-Id: <[email protected]>
Date: Thu, 4 Feb 1999 09:54:25 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: [email protected]
Cc: [email protected], [email protected]
Subject: RE: umask setting not possible ?
In-Reply-To: <H000080101b784dc@MHS>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 4 Feb 1999 [email protected] wrote:

> Excuse me, I read the FAQ and maybe I'm missing something here but I
> just don't see where 'guestgroup' would solve my problem ? Where
> would I set the umask on the dirs, unless I could provide it to chroot
> at the time it's actually executed where I would put something in the
> home-dir field in /etc/passwd like this :
>
> melco:x:620:21:FTP users:/data1/home/melco.umask 000:/bin/false
>
> ... assuming chroot would read the command after the '.' but I don't
> think it would work.
>
> Jeeze ... maybe I should check out BeroFTPD that seems to have
> additional umask features ...

The base daemon will work.

Your main problem is you're asking about umask when you should be looking
for permissions and those are on the upload clause.

> On Thu, 4 Feb 1999, Timpie wrote:
>
> > I've set up an ftp server and puzzled with the following problem. I
> > need users from a certain class with type guest umasked to 777 for all
> > the files they upload to their chrooted dirs. Unfortunately >From
> > what I understand only Anonymous type users can be setup this way ...
> > or am I mistaken ?
>
> guestgroup. read the FAQ.

anonymous and guests are chroot'd so no, not only anonymous can be set up
this way.

as far as permissions are concerned, it works for real users too.

> The VR and BeroFTPD versions also have additional umask and permission
> features. They are available from my ftp site:
> ftp://ftp.vr.net/pub/wu-ftpd/
>
> The location of the latest version of wu-ftpd can be found in the
> directory
>
> ftp://ftp.academ.com/pub/wu-ftpd/private/
>
> You can't see the directory contents, so read the message informing you
> of the actual filename to retrieve. It's there.
>
> wu-ftpd Resource Center: http://www.landfield.com/wu-ftpd/
> wu-ftpd FAQ: http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html
> wu-ftpd list archive: http://www.landfield.com/wu-ftpd/mail-archive/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 4 12:26:23 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA05105;
Thu, 4 Feb 1999 12:26:22 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA27682;
Thu, 4 Feb 1999 12:21:55 -0600 (CST)
Received: from hahp9k.harte-lyne.ca (hahp9k.harte-lyne.ca [209.47.131.101])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA24782
for <[email protected]>; Thu, 4 Feb 1999 12:14:32 -0600 (CST)
Received: from u01 (hal_ham_g01_u01.harte-lyne.ca [209.47.131.111])
by hahp9k.harte-lyne.ca (8.8.7/8.8.7) with SMTP id NAA21119
for <[email protected]>; Thu, 4 Feb 1999 13:16:36 -0500 (EST)
Message-Id: <[email protected]>
Date: Thu, 4 Feb 1999 13:06:31 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "James B. Byrne" <[email protected]>
To: [email protected]
Subject: BeroFTPD-1.3.2 configure question
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
X-mailer: Pegasus Mail for Win32 (v3.01b)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Can anyone help me with this? I am trying to configure Bero on HP-UX 11.00
with gcc 2.8.1 and I am getting this error with "wtmpx". I have
tried to look wtmpx up with the man docs and references to it
don't exist on my system. What is the work around?

I have already sent this to Beroftpd-Bugs but I haven't received
any reply.

#./configure \
>--disable-standalone \
>--enable-chmod-lim \
>--enable-internal-ls \
>--enable-passwd \
>--enable-ratios \
>--enable-transfer-cnt \
>--enable-transfer-lim \
>--enable-throughput \
>--prefix=/usr/local \
>--with-confdir=/usr/local/etc/ftpd \
>--with-logdir=/usr/local/log \
>--with-piddir=/usr/local/pid

loading cache ./config.cache
checking host system type... hppa1.1-hp-hpux11.00
checking target system type... hppa1.1-hp-hpux11.00
checking build system type... hppa1.1-hp-hpux11.00
checking for gcc... gcc
checking whether the C compiler (gcc ) works... yes
checking whether the C compiler (gcc ) is a cross-compiler... no
checking whether we are using GNU C... yes
checking whether gcc accepts -g... yes
checking for POSIXized ISC... no
checking for ranlib... ranlib
checking for bison... bison -y
checking for a BSD compatible install... ./install-sh -c
checking for ar... ar
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for usercmp... no
checking for fnmatch... yes
checking for ftw... yes
checking for getusershell... yes
checking for setuid... yes
checking for snprintf... yes
checking for strcasestr... no
checking for strdup... yes
checking for strerror... yes
checking for strsep... no
checking for strstr... yes
checking for strcasecmp... yes
checking for strncasecmp... yes
checking for syslog... yes
checking for glob.h... yes
checking for fnmatch.h... yes
checking for glob... yes
checking type of qsort... void
checking for pid_t... yes
checking for vfork.h... no
checking for working vfork... yes
checking for dirfd... no
checking for flock... no
checking for getcwd... yes
checking for getdtablesize... yes
checking for getrlimit... yes
checking for sysinfo... yes
checking for sysconf... yes
checking for memcpy... yes
checking for memmove... yes
checking for sigemptyset... yes
checking for regexec... yes
checking for regex... yes
checking for setreuid... yes
checking for seteuid... no
checking for setegid... no
checking for setgrent... yes
checking for strtoul... yes
checking for setcompat... no
checking for fgetpwent... yes
checking for fgetspent... no
checking for lstat... yes
checking for fchdir... yes
checking for unistd.h... yes
checking for stdlib.h... yes
checking for fcntl.h... yes
checking for dirent.h... yes
checking for ftw.h... yes
checking for regex.h... yes
checking for shadow.h... yes
checking for grp.h... yes
checking for alloca.h... yes
checking for sys/termio.h... yes
checking for sys/statvfs.h... yes
checking for sys/statfs.h... no
checking for sys/vfs.h... yes
checking for sys/systeminfo.h... no
checking for syslog.h... yes
checking for sys/syslog.h... no
checking for sys/param.h... yes
checking for limits.h... yes
checking for values.h... yes
checking for bsd/bsd.h... no
checking for posix1_lim.h... no
checking for xopen_lim.h... no
checking for confname.h... no
checking for sys/file.h... yes
checking for utmpx.h... yes
checking for sac.h... no
checking for strings.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for ndir.h... no
checking for sys/ndir.h... no
checking for sys/dir.h... yes
checking for config.h... no
checking for libgen.h... yes
checking for arpa/ftp.h... yes
checking whether time.h and sys/time.h may both be included... yes
checking how to printf an off_t... off_t is just a long - using %d
checking if openlog requires 3 arguments... yes
checking which facility openlog understands... LOG_DAEMON
checking if there is a ut_host field in the utmp structure... yes
checking if there is a ut_pid field in the utmp structure... yes
checking if there is a ut_id field in the utmp structure... yes
checking if there is a ut_name field in the utmp structure... yes
checking if there is a ut_type field in the utmp structure... yes
checking if there is a ut_exit.e_termination field in the utmp structure... yes
checking if there is a ut_syslen field in the utmpx structure... no
checking how to determine wtmpx file... configure: error: Cannot find out how to
locate wtmpx file. Contact [email protected].
#

---
James B. Byrne Harte & Lyne Limited
vox: +1 905 561 1241 9 Brockley Drive
fax: +1 905 561 0757 Hamilton, Ontario
mailto:[email protected] Canada L8E 3C3

From [email protected] Thu Feb 4 12:38:43 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA05292;
Thu, 4 Feb 1999 12:38:42 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA17898;
Thu, 4 Feb 1999 12:34:13 -0600 (CST)
Received: from www.aachen.linux.de ([email protected] [198.22.51.242])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA03782
for <[email protected]>; Thu, 4 Feb 1999 12:32:46 -0600 (CST)
Received: from microsoft.sucks.eu.org (ppp-061.in-trier.de [198.22.51.61])
by www.aachen.linux.de (Postfix) with SMTP
id 5A3B4D073; Thu, 4 Feb 1999 20:43:54 +0100 (CET)
Message-Id: <Pine.LNX.4.04.9902041923310.8107-100000@k6.microsoft.sucks.eu.org>
Date: Thu, 4 Feb 1999 19:24:16 +0100 (CET)
Reply-To: [email protected]
Sender: [email protected]
From: Bernhard Rosenkraenzer <[email protected]>
To: Gregory A Lundberg <[email protected]>
Cc: Philippe CALVEZ <[email protected]>, WU-FTP <[email protected]>
Subject: Re: LDAP connector
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 4 Feb 1999, Gregory A Lundberg wrote:

> On Thu, 4 Feb 1999, Philippe CALVEZ wrote:
>
> > Is it possible with WU-FTPD to authenticate users on an LDAP server ?
>
> No. Excellent itea, though. If noone has it, look for PAM patches for
> the daemon and install the method in the PAM stack.

BeroFTPD includes PAM support already, so if you don't want to look for
patches, get that.

ftp://beroftpd.unix.eu.org/pub/BeroFTPD/

LLaP
bero

--
Windows 98 supports real multitasking - it can boot and crash simultaneously.
***
Anyone sending unwanted advertising e-mail to this address will be charged
$25 for network traffic and computing time. By extracting my address from
this message or its header, you agree to these terms.

From [email protected] Fri Feb 5 14:08:56 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA20652;
Fri, 5 Feb 1999 14:08:55 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA03715;
Fri, 5 Feb 1999 14:04:08 -0600 (CST)
Received: from paris.ics.uci.edu ([email protected] [128.195.1.50])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA20899
for <[email protected]>; Fri, 5 Feb 1999 13:56:45 -0600 (CST)
Received: from yensid.ics.uci.edu by paris.ics.uci.edu id aa08058;
5 Feb 99 11:54 PST
Message-Id: <[email protected]>
Date: Fri, 05 Feb 1999 11:54:00 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Kathryn Fielding <[email protected]>
To: [email protected]
Subject: Help with Solaris 2.X anonymous ftp setup
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi, I've downloaded and installed the latest release, and
can make regular local and anonymous ftp work perfectly.

What we'd like to do now is to make it so that /pub/username
maps to /home/username/ftp. Is this easily doable without
hacking the ftp and automount servers? (We've done that in
the past with earlier versions and with amd).

We're running nis, but can accomodate both local files and
nis maps. We're also using stock Solaris automount. How
do I set this up in the chroot'ed environment?

How hard would this be to set up for one user? For 100 users?
I've checked the archives and didn't find anything that seemed
to help point the way.

-Kat

From [email protected] Fri Feb 5 21:26:39 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id VAA05897;
Fri, 5 Feb 1999 21:26:38 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id VAA06663;
Fri, 5 Feb 1999 21:22:21 -0600 (CST)
Received: from icair.iac.org.nz (evans.icair.iac.org.nz [199.190.182.2])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id VAA15778
for <[email protected]>; Fri, 5 Feb 1999 21:19:25 -0600 (CST)
Received: from pc9.icair.iac.org.nz by icair.iac.org.nz (4.1/SMI-4.1)
id AA13543; Sat, 6 Feb 99 16:20:58 NZD
Message-Id: <[email protected]>
Date: Sat, 06 Feb 1999 16:19:36 +1300
Reply-To: [email protected]
Sender: [email protected]
From: Dean Ashby <[email protected]>
To: [email protected]
Subject: BeroFTPD, Virtual Server ftpaccess files and the passwd directive
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.5 [en] (WinNT; I)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi All,

I'm in the process of setting up a new Linux box and decided to take the
opportunity to switch from wu-ftp to BeroFTPD.

I want to have a separate passwd for each virtual server so started by setting
up ftpservers with just a single IP address to begin with. I copied the
default ftpaccess file to the directory pointed to in ftpservers, and added a
passwd directive to point to an alternative password file.

The problem is (and I've seen it before on the list) is that when I log in
as the user in the alternative password file it fails. If I re-issue the
USER command and try logging in as the same user again it works.

The good news is that after taking a look at the source code I can see why
this is happening. The passwd directive is read by acl_setfunctions() in
access.c. Unfortunately this is called after the call to bero_getpwnam()
that is used in ftpd.c user() to fetch the encrypted password. The first
time bero_getpwnam() is called it looks in the default password, but by
the time it gets called the second time _path_passwd contains the path to
the alternative passwd file so everything works OK.

Any idea when this problem might be fixed?

Thanks,

Dean

--
+-------------------------------------------------------------------------+
| Dean Ashby, [email protected], ph 64-3-358-6992, fax 64-3-358-6999 |
| International Centre for Antarctic Information and Research (ICAIR) |
| PO Box 14-199, Christchurch, New Zealand. http://www.icair.iac.org.nz/ |
+-------------------------------------------------------------------------+

From [email protected] Sat Feb 6 12:30:52 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA19369;
Sat, 6 Feb 1999 12:30:51 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA21207;
Sat, 6 Feb 1999 12:25:07 -0600 (CST)
Received: from mail.rdc1.az.home.com ([email protected] [24.1.240.66])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA11895
for <[email protected]>; Sat, 6 Feb 1999 12:13:55 -0600 (CST)
Received: from Howard ([24.1.245.117]) by mail.rdc1.az.home.com
(InterMail v4.00.03 201-229-104) with SMTP
id <19990206181344.EPJU6286.mail.rdc1.az.home.com@Howard>
for <[email protected]>; Sat, 6 Feb 1999 10:13:44 -0800
Message-Id: <[email protected]>
Date: Sat, 6 Feb 1999 11:13:09 -0700
Reply-To: [email protected]
Sender: [email protected]
From: "Howard Moneta" <[email protected]>
To: "wu-ftpd list" <[email protected]>
Subject: ftpwho list.
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_000E_01BE51C1.ADA59300"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.0810.800
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.0810.800
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

This is a multi-part message in MIME format.

------=_NextPart_000_000E_01BE51C1.ADA59300
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi I would like to know if there is a way that I can get the contents of =
my ftpwho list not to scroll off the screen? If it would wrap to the =
next line then I would be able to see what a user is downloading rather =
then just where they are from which is all the will fit on the screen =
right now. I use Red Hat Linux.

Thanks,

Howard
[email protected]

------=_NextPart_000_000E_01BE51C1.ADA59300
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<HTML><HEAD>
<META content=3Dtext/html;charset=3Diso-8859-1 =
http-equiv=3DContent-Type>
<STYLE></STYLE>

<META content=3D'"MSHTML 5.00.0910.1309"' name=3DGENERATOR></HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Hi I would like to know if there is a =
way that I=20
can get the contents of my ftpwho list not to scroll off the =
screen?  If it=20
would wrap to the next line then I would be able to see what a user is=20
downloading rather then just where they are from which is all the will =
fit on=20
the screen right now.  I use Red Hat Linux.</DIV>
<DIV> </DIV>
<DIV>Thanks,</DIV>
<DIV> </DIV>
<DIV>Howard</DIV>
<DIV><A=20
href=3D"mailto:[email protected]">[email protected]</A></DIV>
<DIV> </DIV></BODY></HTML>

------=_NextPart_000_000E_01BE51C1.ADA59300--

From [email protected] Sat Feb 6 14:19:29 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA20225;
Sat, 6 Feb 1999 14:19:28 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA17027;
Sat, 6 Feb 1999 14:13:55 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA16614
for <[email protected]>; Sat, 6 Feb 1999 14:05:19 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id PAA07835;
Sat, 6 Feb 1999 15:05:09 -0500
Message-Id: <[email protected]>
Date: Sat, 6 Feb 1999 15:05:09 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Howard Moneta <[email protected]>
Cc: wu-ftpd list <[email protected]>
Subject: Re: ftpwho list.
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Sat, 6 Feb 1999, Howard Moneta wrote:

> Hi I would like to know if there is a way that I can get the contents
> of my ftpwho list not to scroll off the screen? If it would wrap to
> the next line then I would be able to see what a user is downloading
> rather then just where they are from which is all the will fit on the
> screen right now. I use Red Hat Linux.

If you're using X, make your window wider. Otherwise, change the
resolution on your text console in LILO.

Personally, I don't bother with ftpwho/ftpcount. Instead I use `ps axw`
and if it's still too wide, I pipe the output through less to wrap it.
grep helps to, so try this:
ps axw | grep ftpd | less

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Sun Feb 7 09:51:10 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA28895;
Sun, 7 Feb 1999 09:51:09 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA05151;
Sun, 7 Feb 1999 09:45:31 -0600 (CST)
Received: from relay.pair.com (relay1.pair.com [209.68.1.20])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA22852
for <[email protected]>; Sun, 7 Feb 1999 09:39:15 -0600 (CST)
Received: from microsoft.sucks.eu.org ([email protected] [137.226.8.216])
by relay.pair.com (8.8.7/8.8.5) with SMTP id KAA13394;
Sun, 7 Feb 1999 10:48:50 -0500 (EST)
Message-Id: <Pine.LNX.4.10.9902071620320.23107-100000@k6.microsoft.sucks.eu.org>
Date: Sun, 7 Feb 1999 16:21:37 +0100 (CET)
Reply-To: [email protected]
Sender: [email protected]
From: Bernhard Rosenkraenzer <[email protected]>
To: Dean Ashby <[email protected]>
Cc: [email protected]
Subject: Re: BeroFTPD, Virtual Server ftpaccess files and the passwd directive
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Sat, 6 Feb 1999, Dean Ashby wrote:

> The problem is (and I've seen it before on the list) is that when I log in
> as the user in the alternative password file it fails. If I re-issue the
> USER command and try logging in as the same user again it works.
>
> Any idea when this problem might be fixed?

Right now - get 1.3.3.
Thanks for finding the bug. Speeded up fixing it by far.

LLaP
bero

--
Windows 98 supports real multitasking - it can boot and crash simultaneously.
***
Anyone sending unwanted advertising e-mail to this address will be charged
$25 for network traffic and computing time. By extracting my address from
this message or its header, you agree to these terms.

From [email protected] Sun Feb 7 09:58:42 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA28946;
Sun, 7 Feb 1999 09:58:42 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA25332;
Sun, 7 Feb 1999 09:54:28 -0600 (CST)
Received: from relay.pair.com (relay1.pair.com [209.68.1.20])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA17938
for <[email protected]>; Sun, 7 Feb 1999 09:39:24 -0600 (CST)
Received: from microsoft.sucks.eu.org ([email protected] [137.226.8.216])
by relay.pair.com (8.8.7/8.8.5) with SMTP id KAA13403;
Sun, 7 Feb 1999 10:49:05 -0500 (EST)
Message-Id: <Pine.LNX.4.10.9902071606270.23107-100000@k6.microsoft.sucks.eu.org>
Date: Sun, 7 Feb 1999 16:09:37 +0100 (CET)
Reply-To: [email protected]
Sender: [email protected]
From: Bernhard Rosenkraenzer <[email protected]>
To: "James B. Byrne" <[email protected]>
Cc: [email protected]
Subject: Re: BeroFTPD-1.3.2 configure question
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 4 Feb 1999, James B. Byrne wrote:

> checking how to determine wtmpx file... configure: error: Cannot find out how to
> locate wtmpx file. Contact [email protected].

The configure script assumes any system with <utmpx.h> also has a wtmpx
file (which is true for almost all systems).

Try finding out if you have a wtmpx file (find / -name "wtmpx"), and tell
me where it is (of if it's missing).

LLaP
bero

--
Windows 98 supports real multitasking - it can boot and crash simultaneously.
***
Anyone sending unwanted advertising e-mail to this address will be charged
$25 for network traffic and computing time. By extracting my address from
this message or its header, you agree to these terms.

From [email protected] Mon Feb 8 00:46:15 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id AAA06118;
Mon, 8 Feb 1999 00:46:13 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id AAA03828;
Mon, 8 Feb 1999 00:41:39 -0600 (CST)
Received: from web512.mail.yahoo.com (web512.yahoomail.com [128.11.68.82])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id AAA08558
for <[email protected]>; Mon, 8 Feb 1999 00:36:09 -0600 (CST)
Received: from [24.1.122.123] by web512.yahoomail.com; Sun, 07 Feb 1999 22:37:27 PST
Message-Id: <[email protected]>
Date: Sun, 7 Feb 1999 22:37:27 -0800 (PST)
Reply-To: [email protected]
Sender: [email protected]
From: Daniel Nowak <[email protected]>
To: [email protected]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I have two questions first i would like to limit users to only one
connection per ip address at a time. is this possable?

second I would like to have two guest groups
Co-workers and clients
and I would like to limit clients to 5 connections and coworkers to 10
connections can I limit user conections buy the group name?

Thank you for you time

Daniel Nowak

_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com

From [email protected] Mon Feb 8 01:15:36 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id BAA06323;
Mon, 8 Feb 1999 01:15:35 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id BAA21944;
Mon, 8 Feb 1999 01:12:12 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id BAA21326
for <[email protected]>; Mon, 8 Feb 1999 01:10:07 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id CAA17469;
Mon, 8 Feb 1999 02:09:56 -0500
Message-Id: <[email protected]>
Date: Mon, 8 Feb 1999 02:09:56 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Daniel Nowak <[email protected]>
Cc: [email protected]
Subject: Re: your mail
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Sun, 7 Feb 1999, Daniel Nowak wrote:

> I have two questions first i would like to limit users to only one
> connection per ip address at a time. is this possable?

Not yet. It's been a feature request for some time. I've not heard of
anyone offering a patch for this.

> second I would like to have two guest groups Co-workers and clients
> and I would like to limit clients to 5 connections and coworkers to 10
> connections can I limit user conections buy the group name?

Unix group? No.

> DO YOU YAHOO!?

No.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 8 10:02:36 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA11868;
Mon, 8 Feb 1999 10:02:35 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA19717;
Mon, 8 Feb 1999 09:58:09 -0600 (CST)
Received: from thelab.hub.org (nat0716.mpoweredpc.net [142.177.190.208])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA23901
for <[email protected]>; Mon, 8 Feb 1999 09:54:24 -0600 (CST)
Received: from localhost (scrappy@localhost)
by thelab.hub.org (8.9.2/8.9.1) with ESMTP id LAA32252
for <[email protected]>; Mon, 8 Feb 1999 11:54:19 -0400 (AST)
(envelope-from [email protected])
Message-Id: <[email protected]>
Date: Mon, 8 Feb 1999 11:54:19 -0400 (AST)
Reply-To: [email protected]
Sender: [email protected]
From: The Hermit Hacker <[email protected]>
To: [email protected]
Subject: BeroFTPD 1.3.3 under Solaris 2.5 ...
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Authentication-Warning: thelab.hub.org: scrappy owned process doing -bs
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

If you do a configure --enable-pam, the configure 'check' is broken. The
following patch fixes it...just got 'test' in the wrong place...

*** configure.in.orig Mon Feb 8 11:06:17 1999
--- configure.in Mon Feb 8 11:06:48 1999
***************
*** 263,269 ****
fi
if test "$pam" = "yes"; then
AC_CHECK_HEADER(security/pam_appl.h)
! if ! test "$ac_cv_header_security_pam_appl_h" = "yes"; then
AC_MSG_ERROR(You either do not have PAM libraries or you are using incompatible ones.)
else
AC_DEFINE(USE_PAM)
--- 263,269 ----
fi
if test "$pam" = "yes"; then
AC_CHECK_HEADER(security/pam_appl.h)
! if test ! "$ac_cv_header_security_pam_appl_h" = "yes"; then
AC_MSG_ERROR(You either do not have PAM libraries or you are using incompatible ones.)
else
AC_DEFINE(USE_PAM)

From [email protected] Mon Feb 8 10:07:10 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA11971;
Mon, 8 Feb 1999 10:07:09 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA12670;
Mon, 8 Feb 1999 10:04:02 -0600 (CST)
Received: from rehost.com (hawk.rehost.com [199.97.122.254])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA10890
for <[email protected]>; Mon, 8 Feb 1999 10:02:30 -0600 (CST)
Received: from kestrel (kestrel.rehost.com [172.22.47.9])
by rehost.com (8.9.0/8.9.1) with SMTP id LAA01985
for [email protected]; Mon, 8 Feb 1999 11:02:24 -0500
Message-Id: <[email protected]>
Date: Mon, 8 Feb 1999 11:02:24 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Bret McDanel <[email protected]>
To: [email protected]
Subject: Security Issue that prolly should be addressed in some mannor
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Mailer: XCmail 0.99.6 - with PGP support, PGP engine version 0.5
X-Mailerorigin: http://www.fsai.fh-trier.de/~schmitzj/Xclasses/XCmail/
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Welp, again this reared its head, and so with it came an exploit for
this.. Someone released a paper detailing how ftpd doesnt check to see if
the person connecting via PASV is from the same IP as the person actually
connecting.. Since there is now a program floating around to let people
do this, and a new paper that was released so that people can learn about
it, it may be time to address this..

Basically here is the problem:
When a client issues a PASV request, the server replies with the port to
connect to. Using guessing techniques an attacker could connect to the
server, and if they get there before the client, they could get the data
(RETR,LIST,NLST ...) that the server was sending to the client. Becuase
more and more people are using web browsers to download, which only use
PASV mode transfers, and some are forced to transfer PASV because of
firewalls, etc, this is a growing concern..

Some more information can be obtained from:
http://www.nai.com/products/security/ballista/interface/modules/module2003.html
http://www.infowar.com/iwftp/iw_sec/iw_sec_01.txt

There are some suggestions on how to make this problem more minimal on
those sites as well..

--
Bret McDanel http://www.rehost.com
Realistic Technologies, Inc. 973-514-1144

These opinions are mine, and may not be the same as my employer

From [email protected] Mon Feb 8 10:27:26 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA12252;
Mon, 8 Feb 1999 10:27:25 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA14058;
Mon, 8 Feb 1999 10:23:05 -0600 (CST)
Received: from mailhub.state.ma.us (mailhub.state.ma.us [146.243.12.156])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA27828
for <[email protected]>; Mon, 8 Feb 1999 10:21:20 -0600 (CST)
Received: from itd-nt4s-bdc1.itd.state.ma.us by mailhub.state.ma.us with ESMTP; Mon, 8 Feb 1999 11:14:46 -0500
Received: by itd-nt4s-bdc1.itd.state.ma.us with Internet Mail Service (5.5.1960.3)
id <CV8QXAGG>; Mon, 8 Feb 1999 11:19:45 -0500
Message-Id: <C36AF664F70CD1118E7B00A02499A7600105B52E@itd-nt4s-bdc1.itd.state.ma.us>
Date: Mon, 8 Feb 1999 11:19:44 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Chen, Liang" <[email protected]>
To: [email protected]
Subject: Can you help me out?
MIME-Version: 1.0
Content-Type: text/plain
X-Mailer: Internet Mail Service (5.5.1960.3)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I'm using wu-2.4.2-academ[BETA-18](1) on AIX 4.3.1. I have a problem
with any command such as "ls, put, ..."
My error message says "500 Illegal PORT Command".

Any idea how to fix this problem?

Thanks

Liang Chen

From [email protected] Mon Feb 8 10:32:32 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA12333;
Mon, 8 Feb 1999 10:32:31 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA00974;
Mon, 8 Feb 1999 10:29:28 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA15955
for <[email protected]>; Mon, 8 Feb 1999 10:24:57 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id LAA20070;
Mon, 8 Feb 1999 11:24:49 -0500
Message-Id: <[email protected]>
Date: Mon, 8 Feb 1999 11:24:49 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Bret McDanel <[email protected]>
Cc: [email protected]
Subject: Re: Security Issue that prolly should be addressed in some mannor
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 8 Feb 1999, Bret McDanel wrote:

> Welp, again this reared its head, and so with it came an exploit for
> this.. Someone released a paper detailing how ftpd doesnt check to
> see if the person connecting via PASV is from the same IP as the
> person actually connecting.. Since there is now a program floating
> around to let people do this, and a new paper that was released so
> that people can learn about it, it may be time to address this..
>
> Basically here is the problem: When a client issues a PASV request,
> the server replies with the port to connect to. Using guessing
> techniques an attacker could connect to the server, and if they get
> there before the client, they could get the data (RETR,LIST,NLST ...)
> that the server was sending to the client. Becuase more and more
> people are using web browsers to download, which only use PASV mode
> transfers, and some are forced to transfer PASV because of firewalls,
> etc, this is a growing concern..
>
> Some more information can be obtained from:
>
> http://www.nai.com/products/security/ballista/interface/modules/module2003.html
> http://www.infowar.com/iwftp/iw_sec/iw_sec_01.txt
>
> There are some suggestions on how to make this problem more minimal on
> those sites as well..

The only thing close to a workable solution I see on the nai.com site is
the following quote:

The problem with these auxiliary connections is that the existing
FTP protocol lacks any method of assuring that the client or
server which initiates the connection is really the one attached
to the associated control connection.

In other words, they don't have one which will work. Their only proposal
would require a change to existing clients and servers which is unlikely
to be widely deployed anytime soon.

It is important to realize what is said at inforwar.com:

The ability for this attack to be performed is not 100%
guaranteed. The higher the volume of traffic an FTP server sees,
the higher the potential for a successful attack. This attack has
not yet been observed in the wild.

They point out:

Solving the problem requires careful thought. Server programmers
can program a server to identify the client address associated
with the control port and only allow data port connections from
the client address, however this server would not be RFC compliant.

The only currently viable solution is RFC2228 to which infowar.com rightly
points out:

Through the use of a secured data channel, the Pizza Thief threat
is reduced to a simple denial of service attack.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 8 10:34:31 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA12361;
Mon, 8 Feb 1999 10:34:30 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA20214;
Mon, 8 Feb 1999 10:30:13 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA04184
for <[email protected]>; Mon, 8 Feb 1999 10:25:51 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id LAA20076;
Mon, 8 Feb 1999 11:25:44 -0500
Message-Id: <[email protected]>
Date: Mon, 8 Feb 1999 11:25:43 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "Chen, Liang" <[email protected]>
Cc: [email protected]
Subject: Re: Can you help me out?
In-Reply-To: <C36AF664F70CD1118E7B00A02499A7600105B52E@itd-nt4s-bdc1.itd.state.ma.us>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 8 Feb 1999, Chen, Liang wrote:

> I'm using wu-2.4.2-academ[BETA-18](1) on AIX 4.3.1. I have a problem
> with any command such as "ls, put, ..." My error message says "500
> Illegal PORT Command".

Start with the FAQ.

The location of the latest version of wu-ftpd can be found in the
directory

ftp://ftp.academ.com/pub/wu-ftpd/private/

You can't see the directory contents, so read the message informing you
of the actual filename to retrieve. It's there.

wu-ftpd Resource Center: http://www.landfield.com/wu-ftpd/
wu-ftpd FAQ: http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html
wu-ftpd list archive: http://www.landfield.com/wu-ftpd/mail-archive/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 8 10:52:08 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA00205;
Mon, 8 Feb 1999 10:52:07 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA06051;
Mon, 8 Feb 1999 10:49:02 -0600 (CST)
Received: from ueitm1.unisourcelink.com ([38.149.121.67])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA29553
for <[email protected]>; Mon, 8 Feb 1999 10:45:00 -0600 (CST)
Received: by UEITM1 with Internet Mail Service (5.5.1960.3)
id <DXBT1SNX>; Mon, 8 Feb 1999 11:48:30 -0500
Message-Id: <6BEE6C82D85BD211B4E700805F85A25D3295F0@PHLWAYM1>
Date: Mon, 8 Feb 1999 11:43:26 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Elliott, Don (Exton, PA)" <[email protected]>
To: "'wuftp'" <[email protected]>
Subject: WU-FTP on HP-UX 11.00
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="---- =_NextPart_001_01BE5382.C8FE4650"
X-Mailer: Internet Mail Service (5.5.1960.3)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------ =_NextPart_001_01BE5382.C8FE4650
Content-Type: text/plain

I would greatly appreciate hearing any recommendations regarding the
compiling of wu-ftp on an HP-UX 11.00 system.

For example:
What version of GCC do you recommend?
Are any other utilities necessary?
What version of WU-FTP would you recommend using?

Any information would be appreciated...

Don Elliott

------ =_NextPart_001_01BE5382.C8FE4650
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.1960.3">
<TITLE>WU-FTP on HP-UX 11.00</TITLE>
</HEAD>
<BODY>

I would greatly appreciate hearing =
any recommendations regarding the compiling of wu-ftp on an HP-UX 11.00 =
system.


For example:
 What version of GCC do you =
recommend?
 Are any other utilities =
necessary?
 What version of WU-FTP would you =
recommend using?


Any information would be =
appreciated...


Don Elliott


</BODY>
</HTML>
------ =_NextPart_001_01BE5382.C8FE4650--

From [email protected] Mon Feb 8 11:58:26 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA01213;
Mon, 8 Feb 1999 11:58:25 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA13088;
Mon, 8 Feb 1999 11:54:06 -0600 (CST)
Received: from rehost.com (hawk.rehost.com [199.97.122.254])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA11715
for <[email protected]>; Mon, 8 Feb 1999 11:50:39 -0600 (CST)
Received: from kestrel (kestrel.rehost.com [172.22.47.9])
by rehost.com (8.9.0/8.9.1) with SMTP id MAA04390;
Mon, 8 Feb 1999 12:50:36 -0500
Message-Id: <[email protected]>
Date: Mon, 8 Feb 1999 12:50:36 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Bret McDanel <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: Can you help me out?
In-Reply-To: <C36AF664F70CD1118E7B00A02499A7600105B52E@itd-nt4s-bdc1.itd.state.ma.us>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Mailer: XCmail 0.99.6 - with PGP support, PGP engine version 0.5
X-Mailerorigin: http://www.fsai.fh-trier.de/~schmitzj/Xclasses/XCmail/
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

---Reply on mail from Chen, Liang about Can you help me out?

> I'm using wu-2.4.2-academ[BETA-18](1) on AIX 4.3.1. I have a problem
> with any command such as "ls, put, ..."
> My error message says "500 Illegal PORT Command".
>
> Any idea how to fix this problem?
>
> Thanks
>
> Liang Chen

The only times I have seen that is when you send a PORT command to an IP
that is not your own.. There may be other times, however..

Odds are you are running some sorta NAT (Network Address Translation) on
your side, or are required to go through a proxy server, and it either
doenst correctly support FTP, or your client is bypassing it..

If you dont know what I am talking about, then odds are you arent the
network administrator at your site, and you should talk to that person for
advice.. If however you are the administrator and really need to get out,
then you can try to use the PASV commands instead.. some clients have
this enabled by typing 'passive' at the ftp prompt, others do it
automatically (netscape/MS internet explorer), some dont do it at all..

-- PORT/PASV - what are they? --
(prolly more information than some readers want to know so if you already
know what they are stop reading :)

When you get a file, a directory listing, etc there is another connection
made between the ftp server and the client. This is the data connection,
where the output of directory listings, files, etc are sent. There are 2
ways that you can get a file, one is by issuing a PORT command. This
tells the FTP server where to connect (on the client machine). Due to recent
abuses in this it is now typically restricted to the IP that you connect from.
The other method is PASV. This tells your client where to connect on the
FTP server.

These extra connections are for data transfers. When you do a ls/dir
(NLST/LIST) or when you get/put a file (RETR/STOR) that directory
listing/file transfer occurs on the data connection.

--
Bret McDanel http://www.rehost.com
Realistic Technologies, Inc. 973-514-1144

These opinions are mine, and may not be the same as my employer

From [email protected] Mon Feb 8 12:03:39 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA01309;
Mon, 8 Feb 1999 12:03:39 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA17269;
Mon, 8 Feb 1999 12:00:37 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA31206
for <[email protected]>; Mon, 8 Feb 1999 11:57:56 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id MAA20780;
Mon, 8 Feb 1999 12:57:31 -0500
Message-Id: <[email protected]>
Date: Mon, 8 Feb 1999 12:57:31 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "Elliott, Don (Exton, PA)" <[email protected]>
Cc: "'wuftp'" <[email protected]>
Subject: Re: WU-FTP on HP-UX 11.00
In-Reply-To: <6BEE6C82D85BD211B4E700805F85A25D3295F0@PHLWAYM1>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 8 Feb 1999, Elliott, Don (Exton, PA) wrote:

> I would greatly appreciate hearing any recommendations regarding the
> compiling of wu-ftp on an HP-UX 11.00 system.
>
> For example:
> What version of GCC do you recommend?

As current as possible, but any recent (within a year or two) version
should do.

> Are any other utilities necessary?

you'll probably want fileutils (for ls), tar, compress and gzip. the
versions which came with the OS should do fine, but a purist may want to
compile his own form known sources for use inside the ftp site.

> What version of WU-FTP would you recommend using?

If you have little or or no multi-homes ftp requirements, I'd suggest
VR13. If you expect a large numbe of multi-homes sites, or have need for
separate users per site, you'll want BeroFTPD.

The packages I've discussed here are all available at my ftp site:
ftp://ftp.vr.net/pub/wu-ftpd/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 8 12:24:16 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA01613;
Mon, 8 Feb 1999 12:24:16 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA12047;
Mon, 8 Feb 1999 12:19:58 -0600 (CST)
Received: from kodakr.kodak.com (kodakr.kodak.com [192.232.119.69])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA14128
for <[email protected]>; Mon, 8 Feb 1999 12:16:20 -0600 (CST)
Received: from corpmail.kodak.com (corpmail.kodak.com [150.220.10.55])
by kodakr.kodak.com (8.9.1/8.9.1) with ESMTP id NAA22048
for <[email protected]>; Mon, 8 Feb 1999 13:15:36 -0500 (EST)
Received: from EKC-GPID-W8GZ96 ([150.220.88.7]) by corpmail.kodak.com
(post.office MTA v1.9.3b ID# 269-16266) with SMTP id AAA27688
for <[email protected]>; Mon, 8 Feb 1999 13:14:37 -0400
Message-Id: <[email protected]>
Date: Mon, 8 Feb 1999 13:15:43 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Rick Flood" <[email protected]>
To: "WU-FTP List" <[email protected]>
Subject: 426 Data connection: Broken pipe
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I seem to be seeing a lot of these, '426 Data connection: Broken pipe', in
my ftplog. I can generate one myself by stopping a transfer before it has
completed. What other events can cause this message?

From [email protected] Mon Feb 8 13:05:06 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA02232;
Mon, 8 Feb 1999 13:05:05 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA25237;
Mon, 8 Feb 1999 13:01:34 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA23416
for <[email protected]>; Mon, 8 Feb 1999 12:55:39 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id NAA21309;
Mon, 8 Feb 1999 13:55:23 -0500
Message-Id: <[email protected]>
Date: Mon, 8 Feb 1999 13:55:23 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Rick Flood <[email protected]>
Cc: WU-FTPD Discussion List <[email protected]>
Subject: Re: 426 Data connection: Broken pipe
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 8 Feb 1999, Rick Flood wrote:

> I seem to be seeing a lot of these, '426 Data connection: Broken
> pipe', in my ftplog. I can generate one myself by stopping a transfer
> before it has completed. What other events can cause this message?

Probably mostly people hitting 'Stop' on their web browser, or 'Cancel' on
the download.

426 occurs three places in the code:
- in send_data() when a data error occurs
- in receive_data() when a data error occurs
- in myoob() when an ABOR command follows out-of-band data

This last cause replies to the client with
426 Transfer aborted. Data connection closed.
226 Abort successful
so it cannot be the case you're referring to. At least in theory. In
practice, I expect IE doesn't follow the protocol and simply closes the
connection in Microsoft's typical RFC-what-RFC? fashion. So instead of
seeing this, the correct way to abort a transfer, we'll see one of the
other two causes.

Both send_data() and receive_data() call perror() for the error
description. The description indicates that the ferror(), read() or
write() error returned errno set to EPIPE. What specifically causes EPIPE
may vary from system to system.

Since it is pipe related, however, and since you're seeing a lot of it,
I'd suggest you have a lot of users hitting Stop while waiting for the
directory listing (output from ls, obtained through a pipe) to appear.

Other possible causes would be pressing Cancel while downloading file
processed through ftpconversion (sugh as .tar, .tar.gz) or pressing Stop
while waiting for a response from a SITE EXEC'd command.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 8 14:21:42 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA03191;
Mon, 8 Feb 1999 14:21:41 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA08851;
Mon, 8 Feb 1999 14:18:33 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA24011
for <[email protected]>; Mon, 8 Feb 1999 14:14:06 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id PAA22233;
Mon, 8 Feb 1999 15:13:54 -0500
Message-Id: <[email protected]>
Date: Mon, 8 Feb 1999 15:13:53 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Bret McDanel <[email protected]>,
"Klaczynski, John (JK77)" <[email protected]>
Cc: [email protected]
Subject: Re: Security Issue that prolly should be addressed in some mannor
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Sat, 8 Nov 1997, Bret McDanel wrote:

> Date: Sat, 8 Nov 1997 14:03:02 -0500
> From: Bret McDanel <[email protected]>
> To: [email protected]
> Cc: [email protected]
> Subject: Re: Security Issue that prolly should be addressed in some mannor
>
> ---Reply on mail from Gregory A Lundberg about Security Issue that prolly should be addressed in some mannor
>
> > The only thing close to a workable solution I see on the nai.com site is
> > the following quote:
> >
> > The problem with these auxiliary connections is that the existing
> > FTP protocol lacks any method of assuring that the client or
> > server which initiates the connection is really the one attached
> > to the associated control connection.
> >
> > In other words, they don't have one which will work. Their only proposal
> > would require a change to existing clients and servers which is unlikely
> > to be widely deployed anytime soon.
> >
> yes but since the accept() call takes an argument (#2) of a struct
> sockaddr, and fills this with the information of the client that is
> connecting, then it is quite possible for the server to limit the
> connections (PASV) to the IP that asked for it.. This will minimize the
> risk (and I thought it was mentioned on one of those 2 sites, if not it is
> now mentioned here)..

Unfortunately, I have evidence from watching this problem on my own ftp
site that such a fix would, by violating the RFC, break a number of
firewall/proxy products which use a randomly-chosen source IP for the data
connections. I will grant that for PASV mode it is dubious whether this
does anything for the security of the client site, but for PORT mode it
has obvious advantages.

I have a scheme in hand to enforce the use of a randomly chosen PASV port.
I have not yet implemented it because, until your boast today (see below),
there were no known occuances of this in the wild and because the solution
which was submitted to me was not simple enough to be easily used by a
wide range of FTP site admins.

> > It is important to realize what is said at inforwar.com:
> >
> > The ability for this attack to be performed is not 100%
> > guaranteed. The higher the volume of traffic an FTP server sees,
> > the higher the potential for a successful attack. This attack has
> > not yet been observed in the wild.
> >
> yes but I wrote a program and released it last week.. So it is out
> there.. My program only would dump 1 connection, and would exit after
> that one connection, the unreleased version (woo this is really hard)
> loops forever logging to files, and changes the port range that it scans
> so that it keeps up with the new ports that the server issues..
>
> As for it not being 100% that is correct its a race condition where the
> client (maybe unknown to the attacker) issues the PASV command, and then
> connects.. If you get in there between that time then you get the data
> channel.. My program against ftp.cdrom.com worked quite well (dont know
> how well on a percentage basis I didnt to a 'SITE STATS' to see how many
> transfers or whatever was done) it got a hit every second or two.. This
> is quite high (I knew that ftp.cdrom.com would have a lot of activity so
> it seemed a good 'final test' area)..

Testing in-lab is one thing; I certainly hope you're simply boasting about
attacking ftp.cdrom.com or that you had their permission to do so. Even
if you designed the test to ensure their servers were not compromised, it
shows an appauling lack of professionalism on your part to have used them
unwittingly to test your attack.

And as for 'released' I hope you mean 'gave my boss a copy' and not
'published to the world'. Again, in-lab research is all well and good but
a security professional has NO business making his attacks publicly
available until AFTER ensuring the effected clients and servers have had
ample opportunity to correct the problem. If you feel your attack would
not be accepted by the maintainers of the clients and servers, the proper
channel would be to have it peer-reviewed by a trusted third-party (such
as CERT or AUSCERT) or taking up the matter with the appropriate IETF
Working Group rather than throwing it out for the script kids to play
with.

> > They point out:
> >
> > Solving the problem requires careful thought. Server programmers
> > can program a server to identify the client address associated
> > with the control port and only allow data port connections from
> > the client address, however this server would not be RFC compliant.
> >
> yup ok it did say that.. *THAT* much would improve the security greatly
> (however not completly close the hole)..

No, it does not because if the attacker is on the same machine (as is
common on many campus) the server has no way of knowing the connection
should not be honored. This is the reason that, as much as I'd like to
add this test, I haven't. It doesn't solve the problem from the
highest-risk sites: universities and disgruntled employees on 'intranets'.

> > The only currently viable solution is RFC2228 to which infowar.com rightly
> > points out:
> >
> > Through the use of a secured data channel, the Pizza Thief threat
> > is reduced to a simple denial of service attack.
> >
> yeah, mostly anonying as it wouldnt be complete, and it would leave a
> trail to the box/network that was trying to do this.. There would be much
> better DoS attacks than this..

Deployment of RFC2228-capable clients is sadly lagging.

For those concerned immedeately; BeroFTPD includes some support for
RFC2228 (on Kerberos). The base, beta-18 daemon does not and I have no
plans to add RFC2228 to the VR series. If you run Kerberos, can deploy
RFC2228-enabled ftp clients, and are concerned about this attack, I
recommend checking into upgrading to BeroFTPD.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 8 14:48:57 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA03597;
Mon, 8 Feb 1999 14:48:56 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA14071;
Mon, 8 Feb 1999 14:45:52 -0600 (CST)
Received: from molbio.unmc.edu (molbio.unmc.edu [137.197.214.37])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA07811
for <[email protected]>; Mon, 8 Feb 1999 14:40:59 -0600 (CST)
Received: from windsurf2 by molbio.unmc.edu (SMI-8.6/SMI-SVR4)
id OAA14879; Mon, 8 Feb 1999 14:44:37 -0600
Message-Id: <[email protected]>
Date: Mon, 08 Feb 1999 14:40:54 -0600
Reply-To: [email protected]
Sender: [email protected]
From: Chad Price <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: Security Issue that prolly should be addressed in some
mannor
In-Reply-To: <[email protected]>
References: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

At 03:13 PM 2/8/1999 -0500, Gregory A Lundberg wrote:
>On Sat, 8 Nov 1997, Bret McDanel wrote:
[SNIP]
>
>> As for it not being 100% that is correct its a race condition where the
>> client (maybe unknown to the attacker) issues the PASV command, and then
>> connects.. If you get in there between that time then you get the data
>> channel.. My program against ftp.cdrom.com worked quite well (dont know
>> how well on a percentage basis I didnt to a 'SITE STATS' to see how many
>> transfers or whatever was done) it got a hit every second or two.. This
>> is quite high (I knew that ftp.cdrom.com would have a lot of activity so
>> it seemed a good 'final test' area)..
>
>Testing in-lab is one thing; I certainly hope you're simply boasting about
>attacking ftp.cdrom.com or that you had their permission to do so. Even
>if you designed the test to ensure their servers were not compromised, it
>shows an appauling lack of professionalism on your part to have used them
>unwittingly to test your attack.
>
>And as for 'released' I hope you mean 'gave my boss a copy' and not
>'published to the world'. Again, in-lab research is all well and good but
>a security professional has NO business making his attacks publicly
>available until AFTER ensuring the effected clients and servers have had
>ample opportunity to correct the problem. If you feel your attack would
>not be accepted by the maintainers of the clients and servers, the proper
>channel would be to have it peer-reviewed by a trusted third-party (such
>as CERT or AUSCERT) or taking up the matter with the appropriate IETF
>Working Group rather than throwing it out for the script kids to play
>with.

Since I posted some questions about getting the Bero version of WU-FTPd
running at my site, there has been a noticable increase in anonymous
connctions from places which normally should have no reason to login to my
site - I have nothing of interest to them. I suspect some of these
connections are simply to see if I have overlooked something trivial,
others would appear to be probes for places to hack into.

Posters to this list should be aware that posting their address to a list
like this and enumerating problems is likely to provoke unwanted connections.

Chad

Chad Price
Systems Manager
University of Nebraska Medical Center
600 S 42nd St
Omaha, NE 68506-6495
[email protected]
(402) 559-9527
(402) 559-4077 (FAX)

From [email protected] Mon Feb 8 15:08:26 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA03824;
Mon, 8 Feb 1999 15:08:26 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA00265;
Mon, 8 Feb 1999 15:05:07 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA13410
for <[email protected]>; Mon, 8 Feb 1999 15:01:55 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id QAA22656;
Mon, 8 Feb 1999 16:01:47 -0500
Message-Id: <[email protected]>
Date: Mon, 8 Feb 1999 16:01:47 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Chad Price <[email protected]>
Cc: [email protected]
Subject: Re: Security Issue that prolly should be addressed in some mannor
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 8 Feb 1999, Chad Price wrote:

> Since I posted some questions about getting the Bero version of
> WU-FTPd running at my site, there has been a noticable increase in
> anonymous connctions from places which normally should have no reason
> to login to my site - I have nothing of interest to them. I suspect
> some of these connections are simply to see if I have overlooked
> something trivial, others would appear to be probes for places to hack
> into.
>
> Posters to this list should be aware that posting their address to a
> list like this and enumerating problems is likely to provoke unwanted
> connections.

My experience is somewhat different. I have FTP servers running on
test-bed machines, some on the vr.net domain, some not. I have noticed
that even without publishing the domain where an FTP site is, there is a
surprising amount of anonymous traffic. So much so, that I was foreced to
move my test files (nothing important, just copies of stuff from my public
ftp site) into the private area so people would not be downloading things
from the wrong servers.

My point is that, once on the internet, people will find the site.
Security through obscurity fails. Period. If you don't want it freely
distributed don't put it on the 'net!

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 8 16:20:16 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id QAA04938;
Mon, 8 Feb 1999 16:20:15 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA30730;
Mon, 8 Feb 1999 16:17:02 -0600 (CST)
Received: from rehost.com (hawk.rehost.com [199.97.122.254])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA07912
for <[email protected]>; Mon, 8 Feb 1999 16:09:58 -0600 (CST)
Received: from kestrel (kestrel.rehost.com [172.22.47.9])
by rehost.com (8.9.0/8.9.1) with SMTP id RAA00710
for [email protected]; Sat, 8 Nov 1997 17:06:24 -0500
Message-Id: <[email protected]>
Date: Sat, 8 Nov 1997 17:06:24 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Bret McDanel <[email protected]>
To: [email protected]
Subject: Patch - Re: Security Issue that prolly should be addressed in some mannor
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Mailer: XCmail 0.99.6 - with PGP support, PGP engine version 0.5
X-Mailerorigin: http://www.fsai.fh-trier.de/~schmitzj/Xclasses/XCmail/
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

>>Testing in-lab is one thing; I certainly hope you're simply boasting about
>>attacking ftp.cdrom.com or that you had their permission to do so. Even
>>if you designed the test to ensure their servers were not compromised, it
>>shows an appauling lack of professionalism on your part to have used them
>>unwittingly to test your attack.
>>
[ To Greg Lundberg ]
you should have known if I was boasting (as you put it) or not BEFORE you
called my boss and tried to get me fired..

And it shows a lack of professionalism in your judgement to have called my
boss on the phone making threats against me and trying to get me fired for
releasing the program.. But hey that must have been a lot easier than
actually fixing a multiple year old problem..

>>And as for 'released' I hope you mean 'gave my boss a copy' and not
>>'published to the world'. Again, in-lab research is all well and good but
>>a security professional has NO business making his attacks publicly
>>available until AFTER ensuring the effected clients and servers have had
>>ample opportunity to correct the problem. If you feel your attack would
>>not be accepted by the maintainers of the clients and servers, the proper
>>channel would be to have it peer-reviewed by a trusted third-party (such
>>as CERT or AUSCERT) or taking up the matter with the appropriate IETF
>>Working Group rather than throwing it out for the script kids to play
>>with.
>
>
No, I posted to NTSEC ([email protected]) and bugtraq
([email protected]) in responce to an advisory (from www.infowar.com,
advisory #01) that was posted to NTESC.. It appears that ballista has
scanned for this type of problem for a LONG time, and it is known to many
for a LONG time (Aleph One (moderator of bugtraq) refused the program on
the basis that its "very, very old", and it appears that it is indeed old,
thus giving MORE than enough time to fix it, if a fix was disired)..

Earlier today when I tried to say that it should be addressed here (all
ftp servers still seem vunerable, havent tried it against Bero, however)
you seemed to think that it wasnt that big of a problem..

The code is trivial, basically its a port scanner (how many of those are
out there already) that records data from the port not just the fact that
there is a connection (ohh that is really hard to do).. If you just run a
portscanner against a busy FTP site, then it will be a DoS to this, yet no
one is complaining about people writing port scanners becuase they can DoS
ftpd (and the RFC doesnt say that ftpd should be DoSed by a portscanner so
that is indeed a coding problem with the server)..

> Since I posted some questions about getting the Bero version of WU-FTPd
> running at my site, there has been a noticable increase in anonymous
> connctions from places which normally should have no reason to login to my
> site - I have nothing of interest to them. I suspect some of these
> connections are simply to see if I have overlooked something trivial,
> others would appear to be probes for places to hack into.
>
[ to chris ]
Yeah, that also happens for some commercial software, I have heard that
people have subscribed to lists that talk about certain peices of software
and when someone says 'I have that' they attack that site..

I dont see why its that different than shouting in a crowded room that you
have things like a VCR or TV or ... I dont know of anyone that would goto
the mall and yell that they have a really nice big screen TV at home AND
give out their address, but people do it a lot from known names and talk
about software that they run (sometimes giving out OS versions, daemons
installed, etc)..

> Posters to this list should be aware that posting their address to a list
> like this and enumerating problems is likely to provoke unwanted connections.
>
This and any other list..

Now for the patch:
I was informed that Greg Lundberg refused to work with me to fix this, so
I did something on my own, and not being familiar with the way that
patches are packaged up I did it my own way.. It is really small, and
makes this only into a DoS attack for a lot of sites (rather than DoS and
data theft) (can be fixed if more time and effort was put into it, however
I dont care anymore since Greg called my boss, mentioned something about
the FBI and basically threatned my job earlier today I have lost all
interest in helping fix wu-ftpd..

This should hold people over until Greg finally releases his 'random' PASV
port selection routine (as he indicated he has been working on).. Again,
it will prevent data theft if the attacker isnt on the same system as the
real client, but it will prevent the real client from getting data for
that request (ie they have to request it again)..

In some situations it is possible that a person can get the data, however
the server attack only works for PASV connections. This means that since
most shell machine ftp clients dont use PASV, and netscape/explorer (who
always use PASV) arent typically run on shell machines for FTP at great
regularity, the total ammount of theft is limited.

Sites that implement NAT where all outgoing connections are the same IP
are still vunerable but only for connections from that site in the first
place..

There doesnt seem to be a really _quick_ and _easy_ way to make ftpd accept
more than one connection on the same port if the IPs dont match. If you
check your syslog messages and dont see a log entry like the one below
(that was already in the code) then odds are applying this wont affect
you, just prevent future data interception.

In src/ftpd.c at line 2502 I made it look like:
if (strcmp(dataaddr, remoteaddr) != 0) {
/*
* This will log when data connection comes from an address different
* than the control connection.
*/
syslog(LOG_NOTICE, "%s of %s [%s]: data connect from %s for %s%s",
anonymous ? guestpw : pw->pw_name, remotehost, remoteaddr,
dataaddr, name, sizebuf);
#ifdef STRICT_DATA
reply(500, "Can't build data connection");
close(pdata);
return(NULL);
#endif
}

In config.h (at the top level not in src) I appended at the end:
/*
* STRICT_DATA
* Define this if you want the IP for the control connection and the
* data connection to be the same (limits some type of data theft)
*/
#define STRICT_DATA

--
Bret McDanel http://www.rehost.com
Realistic Technologies, Inc. 973-514-1144

These opinions are mine, and may not be the same as my employer

From [email protected] Mon Feb 8 16:58:27 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id QAA05582;
Mon, 8 Feb 1999 16:58:26 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA09298;
Mon, 8 Feb 1999 16:54:58 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA23905
for <[email protected]>; Mon, 8 Feb 1999 16:50:18 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id RAA23613;
Mon, 8 Feb 1999 17:50:07 -0500
Message-Id: <[email protected]>
Date: Mon, 8 Feb 1999 17:50:06 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Bret McDanel <[email protected]>
Cc: [email protected]
Subject: Re: Patch - Re: Security Issue that prolly should be addressed in
some mannor
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Sat, 8 Nov 1997, Bret McDanel wrote:

> you should have known if I was boasting (as you put it) or not BEFORE
> you called my boss and tried to get me fired..

I called you boss because you appear to have committed a felony and felt
he would be able to handle it more quickly and more efficiently than the
FBI or cdrom.com's laywers. I did not, however, attempt to get you fired.
In fact, I told him I would be willing to work with you on this issue once
the issue of your credentials had been established.

If my position on this is unacceptable to you, I can contact cdrom.com and
the FBI and they can explain things to you in more forcefull language.

I had hoped, btw, to keep this portion of this incident private between
the three of us.

> And it shows a lack of professionalism in your judgement to have
> called my boss on the phone making threats against me and trying to
> get me fired for releasing the program.. But hey that must have been
> a lot easier than actually fixing a multiple year old problem..
>
> >>And as for 'released' I hope you mean 'gave my boss a copy' and not
> >>'published to the world'. Again, in-lab research is all well and good but
> >>a security professional has NO business making his attacks publicly
> >>available until AFTER ensuring the effected clients and servers have had
> >>ample opportunity to correct the problem. If you feel your attack would
> >>not be accepted by the maintainers of the clients and servers, the proper
> >>channel would be to have it peer-reviewed by a trusted third-party (such
> >>as CERT or AUSCERT) or taking up the matter with the appropriate IETF
> >>Working Group rather than throwing it out for the script kids to play
> >>with.

> No, I posted to NTSEC ([email protected]) and bugtraq
> ([email protected]) in responce to an advisory (from
> www.infowar.com, advisory #01) that was posted to NTESC.. It appears
> that ballista has scanned for this type of problem for a LONG time,
> and it is known to many for a LONG time (Aleph One (moderator of
> bugtraq) refused the program on the basis that its "very, very old",
> and it appears that it is indeed old, thus giving MORE than enough
> time to fix it, if a fix was disired)..
>
> Earlier today when I tried to say that it should be addressed here
> (all ftp servers still seem vunerable, havent tried it against Bero,
> however) you seemed to think that it wasnt that big of a problem..
>
> The code is trivial, basically its a port scanner (how many of those
> are out there already) that records data from the port not just the
> fact that there is a connection (ohh that is really hard to do).. If
> you just run a portscanner against a busy FTP site, then it will be a
> DoS to this, yet no one is complaining about people writing port
> scanners becuase they can DoS ftpd (and the RFC doesnt say that ftpd
> should be DoSed by a portscanner so that is indeed a coding problem
> with the server)..

Of course the code is trivial. My first response to your posting was to
ensure the followers of this list that the problem was old and had never
been noted in the wild. Sure, they could do that by reading your links,
but I felt a posting would be more effective.

Believe me, I have been pondering this problem for many months now
(aproximately the same period I have been maintaining a version of
wu-ftpd). For me, this is not an old problem. It is, however, not as
high a priority as more direct assaults which have been brought to my
attention and which might potentially yield root privileges on the target
machine. Nor is it as high a priority as improving the admin's ability to
properly configure and manage his server.

I placed a low priority on the problem because it had never been seen in
the wild. In your misguided zealousness to glean some fame for yourself,
you have released ready-made code for even the lowliest script kid to play
with. And trust me, play with it they will.

Now, those of us who maintain FTP servers, not just wu-ftpd, but *ALL*
servers, must rush about, patching, attempting to limit the damage you
have caused. Next time, as I'm quite sure your boss has impressed upon
you, think before you act.

> I was informed that Greg Lundberg refused to work with me to fix this,

I told him, via private email, that I was satisified you were actually
working on network security and th I no longer felt I needed him in the
loop unless he wanted to remain there.

> so I did something on my own, and not being familiar with the way that
> patches are packaged up I did it my own way.. It is really small, and
> makes this only into a DoS attack for a lot of sites (rather than DoS
> and data theft) (can be fixed if more time and effort was put into it,
> however I dont care anymore since Greg called my boss, mentioned
> something about the FBI and basically threatned my job earlier today I
> have lost all interest in helping fix wu-ftpd..
>
> This should hold people over until Greg finally releases his 'random'
> PASV port selection routine (as he indicated he has been working on)..
> Again, it will prevent data theft if the attacker isnt on the same
> system as the real client, but it will prevent the real client from
> getting data for that request (ie they have to request it again)..
>
> In some situations it is possible that a person can get the data,
> however the server attack only works for PASV connections. This means
> that since most shell machine ftp clients dont use PASV, and
> netscape/explorer (who always use PASV) arent typically run on shell
> machines for FTP at great regularity, the total ammount of theft is
> limited.
>
> Sites that implement NAT where all outgoing connections are the same
> IP are still vunerable but only for connections from that site in the
> first place..
>
> There doesnt seem to be a really _quick_ and _easy_ way to make ftpd
> accept more than one connection on the same port if the IPs dont
> match. If you check your syslog messages and dont see a log entry
> like the one below (that was already in the code) then odds are
> applying this wont affect you, just prevent future data interception.
>
> In src/ftpd.c at line 2502 I made it look like:
> if (strcmp(dataaddr, remoteaddr) != 0) {
> /*
> * This will log when data connection comes from an address different
> * than the control connection.
> */
> syslog(LOG_NOTICE, "%s of %s [%s]: data connect from %s for %s%s",
> anonymous ? guestpw : pw->pw_name, remotehost, remoteaddr,
> dataaddr, name, sizebuf);
> #ifdef STRICT_DATA
> reply(500, "Can't build data connection");
> close(pdata);
> return(NULL);
> #endif
> }

This patch is a quick fix. it will not protect your site if the client is
on a shared-access machine where the race-attacker and the innocent-client
share the same IP address as is the case on many campus and with not a few
firewall/proxies. Since it is highly likely that such will be the case,
this patch serves more to show how a quick-fix pushed out without due
thought might give a false sense of security.

> In config.h (at the top level not in src) I appended at the end:
> /*
> * STRICT_DATA
> * Define this if you want the IP for the control connection and the
> * data connection to be the same (limits some type of data theft)
> */
> #define STRICT_DATA

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 8 17:04:24 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id RAA05699;
Mon, 8 Feb 1999 17:04:23 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id RAA17881;
Mon, 8 Feb 1999 17:01:21 -0600 (CST)
Received: from molbio.unmc.edu (molbio.unmc.edu [137.197.214.37])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA13342
for <[email protected]>; Mon, 8 Feb 1999 16:59:37 -0600 (CST)
Received: from windsurf2 by molbio.unmc.edu (SMI-8.6/SMI-SVR4)
id RAA19410; Mon, 8 Feb 1999 17:03:50 -0600
Message-Id: <[email protected]>
Date: Mon, 08 Feb 1999 17:00:11 -0600
Reply-To: [email protected]
Sender: [email protected]
From: Chad Price <[email protected]>
To: [email protected], [email protected]
Cc: [email protected]
Subject: Re: Patch - Re: Security Issue that prolly should be addressed
in some mannor
In-Reply-To: <[email protected]>
References: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

OK - now that we've got people thoroughly pissed of and a flame war
started, lets consider:

Bret seems to have found a problem and injudiciously posted that he tried
an attack against a commercial site. We don't know what actually happened.

Greg took exception and apparently without asking Bret seems to have got on
the phone to Bret's boss.

I think both parties made mistakes here and some over-reaction occurred.
Maybe the fix should be incorporated and the whole thing dropped.

Please guys, stop and think before you post and react. I've seen flame
wars ruin enough lists and newsgroups in my time. I don't want to see that
happen to this group, which supports the most responsive and useful ftp
server available.

Chad

Chad Price
Systems Manager
University of Nebraska Medical Center
600 S 42nd St
Omaha, NE 68506-6495
[email protected]
(402) 559-9527
(402) 559-4077 (FAX)

From [email protected] Mon Feb 8 20:57:43 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id UAA16270;
Mon, 8 Feb 1999 20:57:42 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id UAA20871;
Mon, 8 Feb 1999 20:54:40 -0600 (CST)
Received: from xf.hb.cninfo.net ([202.103.44.131])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id UAA29594
for <[email protected]>; Mon, 8 Feb 1999 20:53:21 -0600 (CST)
Received: from xf.hb.cninfo.net by xf.hb.cninfo.net (8.8.7/SMI-SVR4)
id JAA22501; Tue, 9 Feb 1999 09:48:48 +0800 (CST)
Message-Id: <[email protected]>
Date: Tue, 09 Feb 1999 10:51:57 +0800
Reply-To: [email protected]
Sender: [email protected]
From: =?gb2312?B?z+W3rsjIz98=?= <[email protected]>
To: [email protected]
Subject: How can i hide directory under Solaris 2.5.1 with wu-ftpd !
MIME-Version: 1.0
Content-Type: text/plain; charset=gb2312
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.5 [en] (Win98; I)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi all :

How can i hide the directory under Solaris 2.5.1 ,and let my wu-ftp
user can't use "ls" to see them but can CD them !

From [email protected] Mon Feb 8 23:14:28 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id XAA28737;
Mon, 8 Feb 1999 23:14:27 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id XAA20661;
Mon, 8 Feb 1999 23:11:19 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id XAA06166
for <[email protected]>; Mon, 8 Feb 1999 23:09:48 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id AAA26811;
Tue, 9 Feb 1999 00:09:05 -0500
Message-Id: <[email protected]>
Date: Tue, 9 Feb 1999 00:09:04 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: =?gb2312?B?z+W3rsjIz98=?= <[email protected]>
Cc: [email protected]
Subject: Re: How can i hide directory under Solaris 2.5.1 with wu-ftpd !
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by wugate.wustl.edu id XAA25770
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 9 Feb 1999, [gb2312] �差�� wrote:

> How can i hide the directory under Solaris 2.5.1 ,and let my wu-ftp
> user can't use "ls" to see them but can CD them !

Directory permissions.

Revoke read access on the parent directory and the user cannot see the
child. Revoke read on the child and the user cannot see its contents.

Execute permission allow the user to CD into the directory and access it
(the directory itself) to check permissions to determine which files may
be read/writen or which sub-directories may be used.

You can see an example of this in my sample site at

ftp://ftp.vr.net/pub/wu-ftpd/examples/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 8 23:20:39 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id XAA28804;
Mon, 8 Feb 1999 23:20:38 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id XAA01206;
Mon, 8 Feb 1999 23:17:39 -0600 (CST)
Received: from tarkin.fdt.net (tarkin.fdt.net [209.212.128.45])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id XAA15555
for <[email protected]>; Mon, 8 Feb 1999 23:16:53 -0600 (CST)
Received: from localhost (jlewis@localhost)
by tarkin.fdt.net (8.8.5/8.8.5) with SMTP id AAA15318
for <[email protected]>; Tue, 9 Feb 1999 00:16:52 -0500
Message-Id: <[email protected]>
Date: Tue, 9 Feb 1999 00:16:52 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Jon Lewis <[email protected]>
To: [email protected]
Subject: Re: Patch - Re: Security Issue that prolly should be addressed in some mannor (fwd)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Authentication-Warning: tarkin.fdt.net: jlewis owned process doing -bs
X-Sender: [email protected]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Resent cause the list barfed on it the first time

On Mon, 8 Feb 1999, Gregory A Lundberg wrote:

> I placed a low priority on the problem because it had never been seen in
> the wild. In your misguided zealousness to glean some fame for yourself,

Just because you haven't seen something doesn't mean it's not there. That
kind of thinking, when applied to security, can be dangerous.

> Now, those of us who maintain FTP servers, not just wu-ftpd, but *ALL*
> servers, must rush about, patching, attempting to limit the damage you
> have caused. Next time, as I'm quite sure your boss has impressed upon
> you, think before you act.

He's caused no real damage. When a problem has been known for
considerable time, as appears to be the case here, you should assume there
is exploit code floating around. Some exploits float about only
occasionally used for quite a while before someone decides to make them
public.

If you want secure file transfers, use scp.

----don't waste your cpu, crack rc5...www.distributed.net team enzo---
Jon Lewis <[email protected]>| Spammers will be winnuked or
Network Administrator | nestea'd...whatever it takes
Florida Digital Turnpike | to get the job done.
_________http://www.lewis.org/~jlewis/pgp for PGP public key__________

From [email protected] Thu Feb 11 10:32:19 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA01241;
Thu, 11 Feb 1999 10:32:19 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA08526;
Thu, 11 Feb 1999 10:29:08 -0600 (CST)
Received: from relay.pair.com (relay1.pair.com [209.68.1.20])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA05026
for <[email protected]>; Thu, 11 Feb 1999 10:24:15 -0600 (CST)
Received: from microsoft.sucks.eu.org ([email protected] [137.226.8.160])
by relay.pair.com (8.8.7/8.8.5) with SMTP id LAA03676;
Thu, 11 Feb 1999 11:24:41 -0500 (EST)
Message-Id: <Pine.LNX.4.10.9902111628220.4713-100000@k6.microsoft.sucks.eu.org>
Date: Thu, 11 Feb 1999 16:33:34 +0100 (CET)
Reply-To: [email protected]
Sender: [email protected]
From: Bernhard Rosenkraenzer <[email protected]>
To: Andrew Bennett <[email protected]>
Cc: [email protected]
Subject: Re: BeroFTPD logins
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Wed, 10 Feb 1999, Andrew Bennett wrote:

> I have compiled and installed BeroFTPD-1.2.3 on FreeBSD 2.2.8-STABLE

Try 1.3.3 - it includes some compatibility fixes (and will be released as
1.2.4 next week if I don't hear of any problems until then).

> 1. real users can't login

I can't reproduce this on FreeBSD 4.0-CURRENT and Linux. Please tell me if
the problem is still there with 1.3.3.

There's a typo in your ftpaccess:

> guestgroup ftp-only
^^^^^^^^
[...]
> message /.welcome.ftponly login ftponly
^^^^^^^

> I have compiled in vhost and SKEY support,

SKEY support might be the problem - I don't have an SKEY installation, so
I can't test this particular feature. I haven't heard of any problems with
it so far, so I'm assuming it works.

LLaP
bero

--
Windows 98 supports real multitasking - it can boot and crash simultaneously.
***
Anyone sending unwanted advertising e-mail to this address will be charged
$25 for network traffic and computing time. By extracting my address from
this message or its header, you agree to these terms.

From [email protected] Thu Feb 11 10:36:08 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA01296;
Thu, 11 Feb 1999 10:36:08 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA08393;
Thu, 11 Feb 1999 10:31:39 -0600 (CST)
Received: from ckgppxy1.proxy.att.com (ckmsfw1.att.com [12.20.58.157])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA25707
for <[email protected]>; Thu, 11 Feb 1999 10:26:41 -0600 (CST)
Received: from merlin.lz.att.com ([135.25.200.5])
by ckgppxy1.proxy.att.com (AT&T/IPNS/GW-1.0) with SMTP id LAA05705
for <[email protected]>; Thu, 11 Feb 1999 11:26:08 -0500 (EST)
Received: by merlin.lz.att.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62)
id <[email protected]>; Thu, 11 Feb 1999 11:28:05 -0500
Message-Id: <c=US%a=_%p=att%[email protected]>
Date: Thu, 11 Feb 1999 11:28:03 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Roger Hanke <[email protected]>
To: "'WUFTPD List'" <[email protected]>
Cc: "'Kent Landfield'" <[email protected]>
Subject: shutdown command w/newvirt virtual servers
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

For those of you using or familiar with Kent's newvirt
virtual servers have a shutdown question.

Am running BeroFTPD 1.2.3 but have reproduced the
same behavior with Beta 15 newvirt version, so does
not appear to be a version issue (OS is Solaris 2.5.1).
Have a number of ftpaccess files, one for each virtual
server being run.
When I create the shutdown file specified in each of
them, access is refused to new connections at the
specified time. But any existing connection is not
taken down at the specified time (default is 5 minutes
before shutdown time). This is regardless of whether
this connection was established before or after the
shutdown file was put into place. So no existing
connections are ever ripped down. All new connections
after the specified time (default is 10 minutes before
shutdown time) are denied access until the shutdown
file is removed, just as expected.

Reading Kent's virtual server descriptions and
mailing list mail I had assumed all standard shutdown
capabilities had been included in the newvirt work.
But now I am wondering if connections are supposed
to be ripped down by the server when newvirt virtual
servers are being used with multiple ftpaccess files?

Also had trouble getting either Beta 15 newvirt ftpshut
or BeroFTPD 1.2.3 ftpshut command to work properly
for multiple ftpaccess files. Would end up core dumping
with segmentation fault after complaining:
Couldn't open shutdown file: No such file or directory
Looking into the code, which is essentially the same
logic for both versions, it appears if dont have
permission to open file for writing would get this error.
But ftpshut is running as root so it should have
sufficient permissions. Even opened up permissions
on directory to be written to, to be absolutely certain.
But same errors kept occurring. So anyone have
an idea if newvirt enhanced ftpshut ever worked properly
for multiple ftpaccess files?

Thanx,
Roger
---------------------------------------------------------------
Roger A. Hanke AT&T Web Site Services
(732)576-5738 [email protected]
FAX (732)576-6041 http://lynxhub.att.com/~rah/
---------------------------------------------------------------

From [email protected] Thu Feb 11 10:58:43 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA01608;
Thu, 11 Feb 1999 10:58:42 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA21903;
Thu, 11 Feb 1999 10:55:30 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA18676
for <[email protected]>; Thu, 11 Feb 1999 10:50:05 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id LAA12983;
Thu, 11 Feb 1999 11:49:55 -0500
Message-Id: <[email protected]>
Date: Thu, 11 Feb 1999 11:49:54 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Roger Hanke <[email protected]>
Cc: WU-FTPD Discussion List <[email protected]>,
"'Kent Landfield'" <[email protected]>
Subject: Re: shutdown command w/newvirt virtual servers
In-Reply-To: <c=US%a=_%p=att%[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 11 Feb 1999, Roger Hanke wrote:

> When I create the shutdown file specified in each of them, access is
> refused to new connections at the specified time. But any existing
> connection is not taken down at the specified time (default is 5
> minutes before shutdown time). This is regardless of whether this
> connection was established before or after the shutdown file was put
> into place. So no existing connections are ever ripped down. All new
> connections after the specified time (default is 10 minutes before
> shutdown time) are denied access until the shutdown file is removed,
> just as expected.

I believe this problem is endemic to all versions of Wu-FTPD. I fixed
some problems with the handling of the shutdown file(s) some time ago
(don't remember which VR version). As I recall, the problem was similar
to what you've described.

> Reading Kent's virtual server descriptions and mailing list mail I had
> assumed all standard shutdown capabilities had been included in the
> newvirt work. But now I am wondering if connections are supposed to be
> ripped down by the server when newvirt virtual servers are being used
> with multiple ftpaccess files?

If I have fixed it and Bernard hasn't grabbed it yet blame (1) workload
and (2) draconian pricing for telephone and Internet services in Europe.

> Also had trouble getting either Beta 15 newvirt ftpshut or BeroFTPD
> 1.2.3 ftpshut command to work properly for multiple ftpaccess files.
> Would end up core dumping with segmentation fault after complaining:
> Couldn't open shutdown file: No such file or directory Looking into
> the code, which is essentially the same logic for both versions, it
> appears if dont have permission to open file for writing would get
> this error. But ftpshut is running as root so it should have
> sufficient permissions. Even opened up permissions on directory to be
> written to, to be absolutely certain. But same errors kept occurring.
> So anyone have an idea if newvirt enhanced ftpshut ever worked
> properly for multiple ftpaccess files?

I rather doubt it since I don't think the base daemon, up to and including
beta-18, handles shutdown correctly. Yes, I was able to segfault and dump
core when I was testing. your description of debuggin sounds like what I
went through.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 11 14:40:03 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA04580;
Thu, 11 Feb 1999 14:40:02 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA17027;
Thu, 11 Feb 1999 14:34:44 -0600 (CST)
Received: from astro.sgsnet.com (astro.sgsnet.com [204.217.154.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA16461
for <[email protected]>; Thu, 11 Feb 1999 14:31:09 -0600 (CST)
Received: from imho.net (taz.sgsnet.com [204.217.154.9]) by astro.sgsnet.com (8.7.5/8.7.3) with ESMTP id OAA01806 for <[email protected]>; Thu, 11 Feb 1999 14:24:07 -0600 (CST)
Message-Id: <[email protected]>
Date: Thu, 11 Feb 1999 14:29:38 -0600
Reply-To: [email protected]
Sender: [email protected]
From: Leif Ericksen <[email protected]>
To: FTP <[email protected]>
Subject: Virtual FTP, and limiting to a directory?
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.5 [en] (X11; U; SunOS 5.6 sun4u)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Using WU-FTPD (Version wu-2.4.2-academ[BETA-18](1) Thu Feb 4 08:38:09
CST 1999) ready.

I think I am missing some point. I compiled this using the -D VIRTUAL
option and I still am having a few problems.

I have received some helpful information from Greggory Lundberg but I
have a few minor problems. I can login as my virutal user, and I get
the desired directory. However, this same user is able to switch to "/"
and go to other directories on the system.

SETUP:
ftpaccess:
log commands real
log transfers anonymous,real inbound,outbound

guestuser user
guestgroup guests

virtual some-ip root /export/home/leif/testftp/
virtual 2some-ip banner /export/home/leif/testftp/banner.msg
virtual some-ip logfile /export/home/leif/testftp/xferlog
virtual somei-p allow user
virtual some-ip email tome

shutdown /etc/shutmsg

email tome

/etc/passwd has an entry like:

user:x:40001:21:test ftp:/export/home/leif/./testftp:/bin/ftponly

/etc/group has an entry like:

guests::21:

Now in the /export/home/testftp I have the
/etc/ tha has a different passwd, and group file. I have in ./bin a
few programs and cd IS NOT ONE of them. If more information is
required let me know and I will give you what I can.

I reall am stuck as to why this user is able to get out of the direcotry
they should have been chroot() ed to..

Incidenntly this is on a Sparc 5 running Solaris 2.6 and I did a build
sol.

-- Leif Ericksen
[email protected]

From [email protected] Thu Feb 11 15:07:40 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA05005;
Thu, 11 Feb 1999 15:07:39 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA19539;
Thu, 11 Feb 1999 15:04:31 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA19976
for <[email protected]>; Thu, 11 Feb 1999 15:04:08 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id QAA16357;
Thu, 11 Feb 1999 16:03:40 -0500
Message-Id: <[email protected]>
Date: Thu, 11 Feb 1999 16:03:40 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Leif Ericksen <[email protected]>
Cc: WU-FTPD Discussion List <[email protected]>
Subject: Re: Virtual FTP, and limiting to a directory?
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 11 Feb 1999, Leif Ericksen wrote:

> Using WU-FTPD (Version wu-2.4.2-academ[BETA-18](1) Thu Feb 4 08:38:09
> CST 1999) ready.

> guestuser user
> virtual somei-p allow user
> virtual some-ip email tome

These are VR features. The version stamp you give above makes me ponder
the possibilty you're not running the software you think you are.

The version stamp for the VR13 version looks like:

Version wu-2.4.2-academ[BETA-18-VR13](1) Tue Feb 9 15:22:47 EST 1999

The (1) is meaningless
The date and time are when the daemon was compiled.

there's a FAQ about this. probably you forgot to restart inetd after
changing the inetd.conf

wu-ftpd Resource Center: http://www.landfield.com/wu-ftpd/
wu-ftpd FAQ: http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html
wu-ftpd list archive: http://www.landfield.com/wu-ftpd/mail-archive/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 11 15:15:16 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA05123;
Thu, 11 Feb 1999 15:15:15 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA20702;
Thu, 11 Feb 1999 15:10:54 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA20638
for <[email protected]>; Thu, 11 Feb 1999 15:10:07 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id QAA16533
for <[email protected]>; Thu, 11 Feb 1999 16:10:02 -0500
Message-Id: <[email protected]>
Date: Thu, 11 Feb 1999 16:10:01 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: Re: Problem Building on Linux (fwd)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

---------- Forwarded message ----------
Date: Thu, 11 Feb 1999 16:07:43 -0500 (EST)
From: Gregory A Lundberg <[email protected]>
Subject: Re: Problem Building on Linux

On Thu, 11 Feb 1999, Michael Tibor wrote:

> I'm trying to build from the VR13 tarball on ftp.vr.net, but I'm
> having some problems. I'm not a programmer, so I'm sure it's
> something simple I need to do; I just don't have a clue what it is I
> need to do though.
>
> My system is Red Hat 5.2. Since I've got PAM, I tried adding "-ldl
> -lpam" to LIBES= in src/makefiles/makefile.lnx (it's worked on other
> things :-)
>
> I also tried adding -DDIRENT_ILLEGAL_ACCESS per the faq, but that
> didn't seem to have any effect.

> In file included from extensions.h:78,
> from ftpd.c:124:
> /usr/include/linux/quota.h:113: parse error before `__u32'

I received another bug report about this about 4 hours ago. the fix is to
add a #include for asm/types.h ...

- --- src/extensions.h Mon Dec 28 12:42:02 1998
+++ src/extensions.modified.h Thu Feb 11 13:52:16 1999
@@ -75,6 +75,7 @@
#ifdef LINUX
#define QUOTA_DEVICE
#include <mntent.h>
+#include <asm/types.h>
#include <linux/quota.h>
#endif

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 11 18:37:27 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id SAA07548;
Thu, 11 Feb 1999 18:37:26 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id SAA03250;
Thu, 11 Feb 1999 18:32:51 -0600 (CST)
Received: from home.welcomehome.org (home.welcomehome.org [209.6.45.100])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id SAA03305
for <[email protected]>; Thu, 11 Feb 1999 18:31:53 -0600 (CST)
Received: (from paonia@localhost) by home.welcomehome.org (8.9.1/8.6.9) id TAA04134 for [email protected]; Thu, 11 Feb 1999 19:31:15 -0500
Message-Id: <[email protected]>
Date: Thu, 11 Feb 1999 19:31:14 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: paonia <[email protected]>
To: [email protected]
Subject: url for ftpd alert
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Mailer: ELM [version 2.4 PL24]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Can someone please email it me.
thanks
paonia

From [email protected] Thu Feb 11 18:49:00 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id SAA07686;
Thu, 11 Feb 1999 18:48:59 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id SAA04044;
Thu, 11 Feb 1999 18:45:54 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id SAA03866
for <[email protected]>; Thu, 11 Feb 1999 18:41:54 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id TAA21615;
Thu, 11 Feb 1999 19:41:26 -0500
Message-Id: <[email protected]>
Date: Thu, 11 Feb 1999 19:41:26 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: paonia <[email protected]>
Cc: [email protected]
Subject: Re: url for ftpd alert
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 11 Feb 1999, paonia wrote:

> Can someone please email it me.

http://www.netect.com/advisory_0209.html

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 11 21:46:34 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id VAA09514;
Thu, 11 Feb 1999 21:46:34 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id VAA15499;
Thu, 11 Feb 1999 21:42:03 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id VAA15238
for <[email protected]>; Thu, 11 Feb 1999 21:35:42 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id WAA26087
for <[email protected]>; Thu, 11 Feb 1999 22:35:41 -0500
Message-Id: <[email protected]>
Date: Thu, 11 Feb 1999 22:35:40 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: CERT Advisory CA-99.03 - FTP-Buffer-Overflows (fwd)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

---------- Forwarded message ----------
Date: Thu, 11 Feb 1999 18:19:40 -0500
From: CERT Advisory <[email protected]>
Reply-To: [email protected]
To: [email protected]
Subject: CERT Advisory CA-99.03 - FTP-Buffer-Overflows

-----BEGIN PGP SIGNED MESSAGE-----

CERT Advisory CA-99-03-FTP-Buffer-Overflows

Original issue date: February 11, 1999

Topic: Remote buffer overflows in various FTP servers leads to
potential root compromise.
Source: Netect, Inc.

To aid in the wide distribution of essential security information, the
CERT Coordination Center is forwarding the following information from
Netect, Inc. Netect, Inc. urges you to act on this information as soon
as possible. See Appendix C for Netect, Inc. contact information.
Please contact them if you have any questions or need further
information.

=======================FORWARDED TEXT STARTS HERE===========================

Netect, Inc.
General Public Security Advisory

% Advisory: palmetto.ftpd
% Issue date: February 9, 1999
% Contact: Jordan Ritter
% Revision: February 11, 1999
% Update: Appendices A and B corrected.

[Topic]

Remote buffer overflows in various FTP servers leads to potential root
compromise.

[Affected Systems]

Any server running the latest version of ProFTPD (1.2.0pre1) or the
latest version of Wuarchive ftpd (2.4.2-academ[BETA-18]). wu-ftpd is
installed and enabled by default on most Linux variants such as RedHat
and Slackware Linux. ProFTPD is new software recently adopted by many
major internet companies for its improved performance and reliability.

Investigation of this vulnerability is ongoing; the below lists
software and operating systems for which Netect has definitive
information.

[Overview]

Software that implements FTP is called an "ftp server", "ftp daemon",
or "ftpd". On most vulnerable systems, the ftpd software is enabled
and installed by default.

There is a general class of vulnerability that exists in several
popular ftp servers. Due to insufficient bounds checking, it is
possible to subvert an ftp server by corrupting its internal stack
space. By supplying carefully designed commands to the ftp server,
intruders can force the the server to execute arbitrary commands with
root privilege.

On most vulnerable systems, the ftpd software is installed and enabled
by default.

[Impact]

Intruders who are able to exploit this vulnerability can ultimately
gain interactive access to the remote ftp server with root privilege.

[Solution]

Currently there are several ways to exploit the ftp servers in
question. One temporary workaround against an anonymous attack is to
disable any world writable directories the user may have access to by
making them read only. This will prevent an attacker from building an
unusually large path, which is required in order to execute these
particular attacks.

The permanent solution is to install a patch from your Vendor, or
locate one provided by the Software's author or maintainer. See
Appendices A and B for more specific information.

Netect strongly encourages immediate upgrade and/or patching where
available.

Netect provides a strong software solution for the automatic detection
and removal of security vulnerabilities. Current HackerShield
customers can protect themselves from this vulnerability by either
visiting the Netect website and downloading the latest RapidFire(tm)
update, or by enabling automatic RapidFire(tm) updates (no user
intervention required).

Interested in protecting your network today? Visit the Netect website
at http://www.netect.com/ and download a FREE 30 day copy of
HackerShield, complete with all the latest RapidFire(tm) updates to
safeguard your network from hackers.

[Appendix A, Software Information]

% ProFTPD

Current version: 1.2.0pre1, released October 19, 1998.
All versions prior to 1.2.0pre1: vulnerable.
Fix: will be incorporated into 1.2.0pre2.

Currently recommended action: upgrade to the new version when it
becomes available, or apply the version 1.2.0pre1 patch found at:

ftp://ftp.proftpd.org/patches/proftpd-1.2.0pre1-path_exploit2.patch

% wu-ftpd

Current version: 2.4.2 (beta 18), unknown release date.
All versions through 2.4.2 (beta 18): vulnerability dependant upon
target platform, probably vulnerable either due to OS-provided
runtime vulnerability or through use of replacement code supplied
with the source kit. No patches have been made available.
Fix: unknown.

Currently recommended action: Upgrade to wu-ftpd VR series.

% wu-ftpd VR series

Current version: 2.4.2 (beta 18) VR13, released January 28, 1999.
All versions prior to 2.4.2 (beta 18) VR10: vulnerable.
Fix: incorporated into VR10, released November 1, 1998.

Available from:
ftp://ftp.vr.net/pub/wu-ftpd/
Filenames:
wu-ftpd-2.4.2-beta-18-vr13.tar.Z
wu-ftpd-2.4.2-beta-18-vr13.tar.gz

% BeroFTPD [NOT vulnerable]

Current version: 1.3.3, released February 7, 1999.
All versions prior to 1.2.0: vulnerable.
Fix: incorporated into 1.2.0, released October 26, 1998.

Available from:
ftp://ftp.croftj.net/usr/bero/BeroFTPD/
ftp://ftp.sunet.se/pub/nir/ftp/servers/BeroFTPD/
ftp://sunsite.cnlab-switch.ch/mirror/BeroFTPD/
Filename:
BeroFTPD-1.3.3.tar.gz

% NcFTPd [NOT vulnerable]

Current version: 2.4.0, released February 6, 1999.
All versions prior to 2.3.4: unknown.

Available from:
http://www.ncftp.com/download/

Notes:

% NcFTPd 2.3.4 (libc5) ftp server has a remotely exploitable bug
that results in the loss of the server's ability to log
activity.

% This bug cannot be exploited to gain unintended or privileged
access to a system running the NcFTPd 2.3.4 (libc5) ftp
server, as tested.

% The bug was reproducible only on a libc5 Linux system. The
Linux glibc version of NcFTPd 2.3.4 ftp server is NOT
vulnerable.

% The bug does not appear to be present in version NcFTPd 2.3.5 or
later. Affected users may upgrade free of charge to the latest
version.

Thanks go to Gregory Lundberg for providing the information regarding
wu-ftpd and BeroFTPD.

[Appendix B, Vendors]

% RedHat Software, Inc.

% RedHat Version 5.2 and previous versions ARE vulnerable.

Updates will be available from:
ftp://updates.redhat.com/5.2/<arch>
Filename:
wu-ftpd-2.4.2b18-2.1.<arch>.rpm

% Walnut Creek CDROM and Patrick Volkerding

% Slackware All versions ARE vulnerable.

Updates will be available from:
ftp://ftp.cdrom.com/pub/linux/slackware-3.6/slakware/n8/
ftp://ftp.cdrom.com/pub/linux/slackware-current/slakware/n8/
Filenames
tcpip1.tgz (3.6) [971a5f57bec8894364c1e0d358ffbfd4]
tcpip1.tgz (current) [e1e9a9a50ad65bab1e120a7bf60f6011]

Notes:

% The md5 checksums are current for the above mentioned Revision
date only.

% Caldera Systems, Inc.

% OpenLinux Latest version IS vulnerable

Updates will be available from:
ftp://ftp.calderasystems.com/pub/OpenLinux/updates/

% SCO

% UnixWare Version 7.0.1 and earlier (except 2.1.x) IS vulnerable.
% OpenServer Versions 5.0.5 and earlier IS vulnerable.
% CMW+ Version 3.0 is NOT vulnerable.
% Open Desktop/Server Version 3.0 is NOT vulnerable.

Binary versions of ftpd will be available shortly from the SCO ftp
site:
ftp://ftp.sco.com/SSE/sse021.ltr - cover letter
ftp://ftp.sco.com/SSE/sse021.tar.Z - replacement binaries

Notes:

This fix is a binary for the following SCO operating systems:

% SCO UnixWare 7.0.1 and earlier releases (not UnixWare 2.1.x)
% SCO OpenServer 5.0.5 and earlier releases

For the latest security bulletins and patches for SCO products,
please refer to http://www.sco.com/security/.

% IBM Corporation

% AIX Versions 4.1.x, 4.2.x, and 4.3.x ARE NOT vulnerable.

% Hewlett-Packard

% HPUX Versions 10.x and 11.x ARE NOT vulnerable.

HP is continuing their investigation.

% Sun Microsystems, Inc.

% SunOS All versions ARE NOT vulnerable.
% Solaris All versions ARE NOT vulnerable.

% Microsoft, Inc.

% IIS Versions 3.0 and 4.0 ARE NOT vulnerable.

% Compaq Computer Corporation

% Digital UNIX V40b - V40e ARE NOT vulnerable.
% TCP/IP(UCX) for OpenVMS V4.1, V4.2, V5.0 ARE NOT vulnerable.

% Silicon Graphics, Inc. (SGI)

% IRIX and Unicos

Currently, Silicon Graphics, Inc. is investigating and no further
information is available for public release at this time.

As further information becomes available, additional advisories
will be issued via the normal SGI security information distribution
method including the wiretap mailing list.

Silicon Graphics Security Headquarters
http://www.sgi.com/Support/security/

% NetBSD

% NetBSD All versions ARE NOT vulnerable.

[Appendix C, Netect Contact Information]

Copyright (c) 1999 by Netect, Inc.

The information contained herein is the property of Netect, Inc.

The contact for this advisory is Jordan Ritter . PGP
signed/encrypted email is preferred.

Visit http://www.netect.com/ for more information.

========================FORWARDED TEXT ENDS HERE============================
______________________________________________________________________

This document is available from:
http://www.cert.org/advisories/CA-99-03-FTP-Buffer-Overflows.html.
______________________________________________________________________

CERT/CC Contact Information

Email: [email protected]
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.

CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
Monday through Friday; they are on call for emergencies during other
hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email.
Our public PGP key is available from http://www.cert.org/CERT_PGP.key.
If you prefer to use DES, please call the CERT hotline for more
information.

Getting security information

CERT publications and other security information are available from
our web site http://www.cert.org/.

To be added to our mailing list for advisories and bulletins, send
email to [email protected] and include SUBSCRIBE
your-email-address in the subject of your message.

* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office
______________________________________________________________________

NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software
Engineering Institute is furnished on an "as is" basis. Carnegie
Mellon University makes no warranties of any kind, either expressed or
implied as to any matter including, but not limited to, warranty of
fitness for a particular purpose or merchantability, exclusivity or
results obtained from use of the material. Carnegie Mellon University
does not make any warranty of any kind with respect to freedom from
patent, trademark, or copyright infringement.
______________________________________________________________________

Revision History

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNsNeYHVP+x0t4w7BAQE6mAQAlD3tFRsp1NR+IG57AZHD2QyeyJuK5YRG
wPyEqlACyQJOLm6ENFEHzaSRNUfZjUDlRGclguyVUHYq8nw7C1Yxwljulj+2sQcV
Genph5A8KD8ry2vpinV7mlqsrbEfhZA0xdYztAXnktHByW6QtsBCRHr+n0f2CDtN
aPujCLWXnuk=
=BuDD
-----END PGP SIGNATURE-----

From [email protected] Fri Feb 12 04:32:17 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id EAA12204;
Fri, 12 Feb 1999 04:32:16 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id EAA10330;
Fri, 12 Feb 1999 04:27:44 -0600 (CST)
Received: from snoopy.nic.fiducia.de (snoopy.nic.fiducia.de [195.200.32.17])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id EAA10219
for <[email protected]>; Fri, 12 Feb 1999 04:24:20 -0600 (CST)
Received: from smtp.fiducia.de ([195.200.32.4]) by snoopy.nic.fiducia.de
(Netscape Messaging Server 3.5) with SMTP id 58
for <[email protected]>; Fri, 12 Feb 1999 11:27:10 +0100
Received: from orga.de ([10.2.60.138]) by smtp.fiducia.de (Lotus SMTP MTA Internal build v4.6.2 (651.2 6-10-1998)) with SMTP id 41256716.00390C65; Fri, 12 Feb 1999 11:23:07 +0100
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 11:24:34 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Edgar Ringelspacher <[email protected]>
To: [email protected]
Subject: ssl client certificate
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.5 [de] (WinNT; I)
X-Accept-Language: de
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hallo,
has anybody running wu-ftpd with SSL-Patch under SPARC Solaris 2.x ?

Can i make an automatic login (without password) based on username
an owner of a client certificate ? On my server I have SSLeay
installed.

Regards
Edgar Ringelspacher

From [email protected] Fri Feb 12 06:13:41 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13315;
Fri, 12 Feb 1999 06:13:40 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id GAA16664;
Fri, 12 Feb 1999 06:09:17 -0600 (CST)
Received: from ckgppxy1.proxy.att.com (ckmsfw1.att.com [12.20.58.157])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id GAA16491
for <[email protected]>; Fri, 12 Feb 1999 06:08:02 -0600 (CST)
Received: from merlin.lz.att.com ([135.25.200.5])
by ckgppxy1.proxy.att.com (AT&T/IPNS/GW-1.0) with SMTP id HAA04192
for <[email protected]>; Fri, 12 Feb 1999 07:07:31 -0500 (EST)
Received: by merlin.lz.att.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62)
id <[email protected]>; Fri, 12 Feb 1999 07:09:30 -0500
Message-Id: <c=US%a=_%p=att%[email protected]>
Date: Fri, 12 Feb 1999 07:09:28 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Roger Hanke <[email protected]>
To: "'Gregory A Lundberg'" <[email protected]>
Cc: "'WU-FTPD Discussion List'" <[email protected]>,
"'Kent Landfield'"
<[email protected]>,
"'Bernhard Rosenkraenzer'"
<[email protected]>
Subject: RE: shutdown command w/newvirt virtual servers
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Gregory,
Found some more notes from my past conversations
with Kent and came across a couple of the problems
we touched on below.

First bug I had reported and he had been able to
reproduce is the ftpshut core dumps that you also
were able to reproduce it sounded like.
He had found they were caused when it encountered
a ftpaccess file without a shutdown line in it. This
was true once again in my case since I leave one
server up at all times to serve my local administrators
who are working on the server. I had put a shutdown
line in all external ftpaccess files that customers can
access. By adding in a dummy shutdown line the
core dumps stopped and I was able to use ftpshut.
Turns out the ftprestart gives a number of complaints
but did actually remove all the files that ftpshut had
created. So I am able to use both of these utilities
now, with WUFTPD Beta 13 version, or BeroFTPD 1.2.3
version.

The only thing I am still confused on was that Kent
at the time also confirmed another problem I had
reported, that he was not tearing down
guest class connections, just real and anonymous.
This was with the Beta 15 newvirt 040 version and
he had claimed that not only would ftpshut be corrected
but he was planning to make sure the server would
tear down all classes of connections. From my notes
this would imply that both real and anonymous classes
were getting ripped down. So not sure
why it appears when virtual servers with multiple ftpaccess
files are being used that no connections of any class
type (well I didnt test real actually, just guest and anonymous)
are being torn down. I noticed Kent put out a Beta 18 version
of his newvirt last August. But dont know when Bernhard
picked up Kent's newvirt stuff, possibly prior to this?
Or since Kent has been tied up with real world stuff that
perhaps BeroFTPD newvirt is Kent's latest stuff and Kent
just never got to this?
Roger

>-----Original Message-----
>From: Gregory A Lundberg [SMTP:[email protected]]
>Sent: Thursday, February 11, 1999 11:50 AM
>To: Roger Hanke
>Cc: WU-FTPD Discussion List; 'Kent Landfield'
>Subject: Re: shutdown command w/newvirt virtual servers
>
>On Thu, 11 Feb 1999, Roger Hanke wrote:
>
>> When I create the shutdown file specified in each of them, access is
>> refused to new connections at the specified time. But any existing
>> connection is not taken down at the specified time (default is 5
>> minutes before shutdown time). This is regardless of whether this
>> connection was established before or after the shutdown file was put
>> into place. So no existing connections are ever ripped down. All new
>> connections after the specified time (default is 10 minutes before
>> shutdown time) are denied access until the shutdown file is removed,
>> just as expected.
>
>I believe this problem is endemic to all versions of Wu-FTPD. I fixed
>some problems with the handling of the shutdown file(s) some time ago
>(don't remember which VR version). As I recall, the problem was similar
>to what you've described.
>
>> Reading Kent's virtual server descriptions and mailing list mail I had
>> assumed all standard shutdown capabilities had been included in the
>> newvirt work. But now I am wondering if connections are supposed to be
>> ripped down by the server when newvirt virtual servers are being used
>> with multiple ftpaccess files?
>
>If I have fixed it and Bernard hasn't grabbed it yet blame (1) workload
>and (2) draconian pricing for telephone and Internet services in Europe.
>
>> Also had trouble getting either Beta 15 newvirt ftpshut or BeroFTPD
>> 1.2.3 ftpshut command to work properly for multiple ftpaccess files.
>> Would end up core dumping with segmentation fault after complaining:
>> Couldn't open shutdown file: No such file or directory Looking into
>> the code, which is essentially the same logic for both versions, it
>> appears if dont have permission to open file for writing would get
>> this error. But ftpshut is running as root so it should have
>> sufficient permissions. Even opened up permissions on directory to be
>> written to, to be absolutely certain. But same errors kept occurring.
>> So anyone have an idea if newvirt enhanced ftpshut ever worked
>> properly for multiple ftpaccess files?
>
>I rather doubt it since I don't think the base daemon, up to and including
>beta-18, handles shutdown correctly. Yes, I was able to segfault and dump
>core when I was testing. your description of debuggin sounds like what I
>went through.
>
>--
>
>Gregory A Lundberg Senior Partner, VRnet Company
>1441 Elmdale Drive [email protected]
>Kettering, OH 45409-1615 USA 1-800-809-2195
>

From [email protected] Fri Feb 12 06:16:00 1999
Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13336;
Fri, 12 Feb 1999 06:15:59 -0600 (CST)
Received: from relay2.UU.NET by relay2.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgbyt12374;
Wed, 10 Feb 1999 08:49:30 -0500 (EST)
Received: from wugate.wustl.edu by relay2.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgbyt10833;
Wed, 10 Feb 1999 08:46:52 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id HAA02006;
Wed, 10 Feb 1999 07:44:53 -0600 (CST)
Received: from mail-gw.uta.at (mail-gw.uta.at [195.70.224.242])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id HAA17716
for <[email protected]>; Wed, 10 Feb 1999 07:37:03 -0600 (CST)
Received: by A-MAIL01 with Internet Mail Service (5.5.2232.9)
id <DB07TT36>; Wed, 10 Feb 1999 14:36:06 +0100
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 14:36:34 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Haas Christoph <[email protected]>
To: "'[email protected]'" <[email protected]>
Subject: LDAP and WU-ftp
MIME-Version: 1.0
Content-Type: text/plain;
charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Mailer: Internet Mail Service (5.5.2232.9)
X-MIME-Autoconverted: from quoted-printable to 8bit by wugate.wustl.edu id HAA09629
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hello,

I�m looking for a hack or an implementation to authenticate ftp Users
against
an Ldap Server.

Does anybody know such an implementation ?!

Thanxxx for your advice

Christoph

----------------------------------------------
Christoph Haas | UTA Telekom AG
| Internet Operation Center
| voice: +43 1 40 460 / 3341
| fax : +43 1 40 460 / 93341
| ripe: CH673-RIPE
| mailto:[email protected]

From [email protected] Fri Feb 12 06:16:16 1999
Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13382;
Fri, 12 Feb 1999 06:16:16 -0600 (CST)
Received: from relay2.UU.NET by relay2.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgbzr07554;
Wed, 10 Feb 1999 14:48:26 -0500 (EST)
Received: from wugate.wustl.edu by relay2.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgbzr07435;
Wed, 10 Feb 1999 14:48:10 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA01210;
Wed, 10 Feb 1999 13:47:42 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA15703
for <[email protected]>; Wed, 10 Feb 1999 13:46:32 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id OAA29975;
Wed, 10 Feb 1999 14:46:25 -0500
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 14:46:25 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Viljar Tulit <[email protected]>
Cc: [email protected]
Subject: Re: wu-ftpd-2.4.2-beta-18-vr13
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Wed, 10 Feb 1999, Viljar Tulit wrote:

> There is bug in upl_check(): wdir is defined as BUFSIZ long, and used
> in fb_realpath(path,cwdir). fb_realpath uses it as MAXPATHLEN long
> string.

Thanks. I'm putting together VR14 now and will include this in it.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 06:16:29 1999
Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13411;
Fri, 12 Feb 1999 06:16:29 -0600 (CST)
Received: from relay2.UU.NET by relay2.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgbyz24665;
Wed, 10 Feb 1999 10:20:52 -0500 (EST)
Received: from wugate.wustl.edu by relay2.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgbyz24649;
Wed, 10 Feb 1999 10:20:51 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA21142;
Wed, 10 Feb 1999 09:20:25 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA26201
for <[email protected]>; Wed, 10 Feb 1999 09:17:24 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id KAA22484;
Wed, 10 Feb 1999 10:17:18 -0500
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 10:17:18 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Haas Christoph <[email protected]>
Cc: "'[email protected]'" <[email protected]>
Subject: Re: LDAP and WU-ftp
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by wugate.wustl.edu id JAA06103
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Wed, 10 Feb 1999, Haas Christoph wrote:

> I�m looking for a hack or an implementation to authenticate ftp Users
> against an Ldap Server.
>
> Does anybody know such an implementation ?!

I've not heard of one. This has been a long-standing feature request. If
you learn of one, send it my way and I'll see if I can merge it into a VR
update.

I have patches to add PAM to the daemon and a few requests to do so. If
your system supports PAM and you find/write a PAM module for LDAP, and can
hang tight for a month or two until I get PAM in, you should be able to do
what you want.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 06:16:36 1999
Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13431;
Fri, 12 Feb 1999 06:16:35 -0600 (CST)
Received: from relay2.UU.NET by relay2.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgcad25847;
Wed, 10 Feb 1999 17:45:57 -0500 (EST)
Received: from wugate.wustl.edu by relay2.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgcad25835;
Wed, 10 Feb 1999 17:45:56 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA26939;
Wed, 10 Feb 1999 16:45:29 -0600 (CST)
Received: from frontiernet.net ([email protected] [209.130.129.198])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA10652
for <[email protected]>; Wed, 10 Feb 1999 16:39:18 -0600 (CST)
Received: (from dsf@localhost)
by frontiernet.net (8.8.8a/8.8.8) id RAA28318;
Wed, 10 Feb 1999 17:38:58 -0500
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 17:38:57 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Dan Foster <[email protected]>
To: [email protected]
Cc: [email protected] (Dan Foster), [email protected]
Subject: Re: remote root overflow ?
In-Reply-To: <[email protected]> from Bernhard Rosenkraenzer at "Feb 10, 99 10:23:20 pm"
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Mailer: ELM [version 2.4ME+ PL35 (25)]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hot Diggety! On a bright and sunny day, Bernhard Rosenkraenzer was rumored to have said...
> On Wed, 10 Feb 1999, Robertson, Rocke wrote:
>
> > I just received an email concerning an advisory that certain ftp
> > servers are vulnerable to attacks, I believe them to be denial of
> > service attacks. They claim that wuftp beta 18 is vulnerable on most
> > Unix platforms.
>
> The problem is present in beta18; but it has fixed months ago in both the
> VR version and BeroFTPD.

So, what was the exact fix, if you remember? It'd probably be of some use
to those of who who still runs beta18 and not one of the derivatives.

-Dan

From [email protected] Fri Feb 12 06:16:42 1999
Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13447;
Fri, 12 Feb 1999 06:16:41 -0600 (CST)
Received: from relay2.UU.NET by relay2.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgbzw12791;
Wed, 10 Feb 1999 16:00:52 -0500 (EST)
Received: from wugate.wustl.edu by relay2.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgbzw12785;
Wed, 10 Feb 1999 16:00:50 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA14239;
Wed, 10 Feb 1999 15:00:29 -0600 (CST)
Received: from orr.pwgsc.gc.ca (orr.pwgsc.gc.ca [198.103.167.14])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA12559
for <[email protected]>; Wed, 10 Feb 1999 14:54:02 -0600 (CST)
Received: id PAA23524; Wed, 10 Feb 1999 15:13:02 -0500
Received: by gateway ???
Received: by gateway id PAA20489
for <[email protected]>; Wed, 10 Feb 1999 15:07:33 -0500 (EST)
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 15:13:28 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Robertson, Rocke" <[email protected]>
To: wuftp <[email protected]>
Subject: remote root overflow ?
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.03 [en] (WinNT; U)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I just received an email concerning an advisory that certain ftp
servers are vulnerable to attacks, I believe them to be denial of
service attacks. They claim that wuftp beta 18 is vulnerable on most
Unix platforms. I have not hear of this being discussed on this mail
list.

The advisory came from Netec In. It is a General Public Security
Advisory...?

Has anyone heard of this dos ? Should we be concerned if we are using
wuftpd on Solaris 2.6 ?

Thanks

--
Rocke Robertson
PWGSC/GTIS
(613)991-2604
[email protected]

From [email protected] Fri Feb 12 06:16:43 1999
Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13449;
Fri, 12 Feb 1999 06:16:42 -0600 (CST)
Received: from relay2.UU.NET by relay2.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgcbd16185;
Thu, 11 Feb 1999 00:20:29 -0500 (EST)
Received: from wugate.wustl.edu by relay2.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgcbd16174;
Thu, 11 Feb 1999 00:20:28 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id XAA02959;
Wed, 10 Feb 1999 23:20:13 -0600 (CST)
Received: from mail.cruzio.com ([email protected] [208.226.92.37])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id XAA10810
for <[email protected]>; Wed, 10 Feb 1999 23:19:52 -0600 (CST)
Received: from loop (sa-208-226-93-4.cruzio.com [208.226.93.4])
by mail.cruzio.com with SMTP id VAA00870
for <[email protected]>; Wed, 10 Feb 1999 21:19:50 -0800 (PST)
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 21:18:32 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Andrew Bennett <[email protected]>
To: [email protected]
Subject: BeroFTPD logins
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Greetings!

I have compiled and installed BeroFTPD-1.2.3 on FreeBSD 2.2.8-STABLE and
am having problems getting it to run as a replacement for wu-ftpd-b13,
which was working fine.

I have two problems:
1. real users can't login
2. anonymous users can login, but are considered 'guest' users

My ftpaccess file contains these relevant lines:

guestgroup ftp-only
class local real,anonymous RealSiteName.org
class remote real,anonymous *
class ftponly guest *
message /.welcome.ftp login local remote
message /.welcome.ftponly login ftponly

I know that anonymous users are being considered guest users because they
get the /.welcome.ftponly message upon logging in. Under wu-b13, anonymous
users are considered anonymous, not guest.

Nothing has changed about my configuration from wu-b13 to Bero-1.2.3.
/etc/shells is good, /etc/passwd is good, /etc/group contains an
'ftp-only' group that applies to some users, but not user 'ftp'.

I have compiled in vhost and SKEY support, but am not using them at this
time. Other compilation-time options, except the install directory
(/usr/local/beroftpd) and the config file directory
(/usr/local/etc/beroftpd) are defaults.

Any suggestions? Places to look? Things to do?

Thanks in advance!

Andrew

From [email protected] Fri Feb 12 06:16:46 1999
Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13467;
Fri, 12 Feb 1999 06:16:45 -0600 (CST)
Received: from relay2.UU.NET by relay2.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgcac23424;
Wed, 10 Feb 1999 17:39:04 -0500 (EST)
Received: from wugate.wustl.edu by relay2.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgcac23413;
Wed, 10 Feb 1999 17:39:03 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA24204;
Wed, 10 Feb 1999 16:38:47 -0600 (CST)
Received: from apollo.gat.com (apollo.gat.com [192.5.166.20])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA16709
for <[email protected]>; Wed, 10 Feb 1999 16:31:43 -0600 (CST)
Received: from nt-usc (NT-USC.GAT.COM [192.5.166.179])
by apollo.gat.com (8.9.1/8.9.0) with SMTP id OAA13761
for <[email protected]>; Wed, 10 Feb 1999 14:31:32 -0800 (PST)
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 14:31:32 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Tony Warner <[email protected]>
To: [email protected]
Subject: Followup: Re: wu-ftpd on Digital Unix with Enhanced Security
In-Reply-To: <[email protected]>
References: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

thanks to Gregory Lundberg for his suggestions....

I am a bit closer now, but still having problems...

I've got version 2.4.2 beta 18. Compiled it with "build osf"
(not "build dec" -- I couldn't get it to compile with that config file)

I modified the config.osf and Makefile.osf as required for C2 security
on Digital unix.

This works good in it's default state. all ftp clients seem to have no
trouble accessing and working with the server.
The problem comes when I try to enable the use of the ftpaccess file.
I change my inetd.conf file to use ftpd -a, and the server now denies
access to all users, even anonymous users.

The daemon seems to be completely usable in the default state, but as soon
as I try to run it with the -a flag, it stops working.

Any ideas?

original question:

I have just compiled and installed wu-ftpd 2.4 on a Digital Alpha Personal
Workstation running DU 4.0D.

I made these changes according to the faq:

Make these changes to ./src/config/config.osf :

#define SecureWare
#include <sys/secdefines.h>
#include <sys/types.h>
#include <sys/security.h>
#include <sys/audit.h>
#include <prot.h>
and add the following to ./src/makefiles/Makefile.osf

LIBES = -lsupport -lsecurity -laud

Then did "build osf".

That got it working pretty good from the command line. However,
PC and MAC clients are not able to view any files once they
are connected.

Connecting from a unix host with command line ftp works as expected.
using WS-FTP on a PC or Fetch on a MAC allows the conection but shows
no files. I do not have any banners or messages displaying in my ftpaccess
file. I only have one line in my ftpaccess file (for simplicity):

class all real,guest,anonymous *

Any ideas what I'm missing?

Thanks,
Tony Warner

*********************************************************************
Tony Warner [email protected]
General Atomics (619) 455-4285

*********************************************************************

From [email protected] Fri Feb 12 06:17:01 1999
Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13507;
Fri, 12 Feb 1999 06:17:00 -0600 (CST)
Received: from relay2.UU.NET by relay2.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgccj06364;
Thu, 11 Feb 1999 08:28:44 -0500 (EST)
Received: from wugate.wustl.edu by relay2.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgccj06352;
Thu, 11 Feb 1999 08:28:43 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id HAA13130;
Thu, 11 Feb 1999 07:25:42 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id HAA31624
for <[email protected]>; Thu, 11 Feb 1999 07:16:09 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id IAA10389;
Thu, 11 Feb 1999 08:15:58 -0500
Message-Id: <[email protected]>
Date: Thu, 11 Feb 1999 08:15:58 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Dave Wreski <[email protected]>
Cc: WU-FTPD mailing list <[email protected]>,
"Pavel P. Zabortsev" <[email protected]>
Subject: Re: Passive FTP & Web browsers
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Wed, 10 Feb 1999, Dave Wreski wrote:

> >> Is there any way to disable PASSIVE command on wu-ftpd?
>
> I thought passive mode was the preferred way of doing FTP data transfers? This
> is because the server designates the port that will be used, instead of allowing
> the client to request the data port, no?

> Why wouldn't you let this thru your firewall?

Maybe you are only doing FTP for specific customers who are required to
use PORT mode? Whatever the reason, it's the local netadmin's rule.

Yes, the VR version has a compile-time option to disable either PASV or
PORT (won't let you do away with both). Dunno if Bernards folded that
change into BeroFTPD yet.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 06:27:12 1999
Received: from relay4.UU.NET (relay4.UU.NET [192.48.96.14])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13614;
Fri, 12 Feb 1999 06:27:11 -0600 (CST)
Received: from relay4.UU.NET by relay4.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgbzr14970;
Wed, 10 Feb 1999 14:54:55 -0500 (EST)
Received: from wugate.wustl.edu by relay4.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgbzr14916;
Wed, 10 Feb 1999 14:54:48 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA21490;
Wed, 10 Feb 1999 13:54:23 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA27498
for <[email protected]>; Wed, 10 Feb 1999 13:49:36 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id OAA30139;
Wed, 10 Feb 1999 14:49:31 -0500
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 14:49:31 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Tony Warner <[email protected]>
Cc: [email protected]
Subject: Re: wu-ftpd on Digital Unix with Enhanced Security
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Wed, 10 Feb 1999, Tony Warner wrote:

> I have just compiled and installed wu-ftpd 2.4 on a Digital Alpha
> Personal Workstation running DU 4.0D.

2.4 is very old and unsecure. You should be using at least 2.4.2(beta-18)
if not the current VR or BeroFTPD versions.

> That got it working pretty good from the command line. However, PC
> and MAC clients are not able to view any files once they are
> connected.

this is in the FAQ. look for questions about 'ls doesn't work', which is
your problem.

wu-ftpd Resource Center: http://www.landfield.com/wu-ftpd/
wu-ftpd FAQ: http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html
wu-ftpd list archive: http://www.landfield.com/wu-ftpd/mail-archive/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 06:27:10 1999
Received: from relay4.UU.NET (relay4.UU.NET [192.48.96.14])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13606;
Fri, 12 Feb 1999 06:27:09 -0600 (CST)
Received: from relay4.UU.NET by relay4.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgbzi09842;
Wed, 10 Feb 1999 12:38:26 -0500 (EST)
Received: from wugate.wustl.edu by relay4.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgbzi09794;
Wed, 10 Feb 1999 12:38:21 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA12433;
Wed, 10 Feb 1999 11:37:46 -0600 (CST)
Received: from taurus.svitanok.com (taurus.svitanok.com [62.244.20.66])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA11835
for <[email protected]>; Wed, 10 Feb 1999 11:36:03 -0600 (CST)
Received: from ksv.net.ua ([10.0.3.91])
by taurus.svitanok.com (8.8.8/8.8.8) with ESMTP id TAA07804
for <[email protected]>; Wed, 10 Feb 1999 19:35:32 +0200 (EET)
(envelope-from [email protected])
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 19:35:53 +0200
Reply-To: [email protected]
Sender: [email protected]
From: "Maxim V. Tulyuk" <[email protected]>
To: [email protected]
Subject: Guest Account's Problems
MIME-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit
X-Mailer: Mozilla 4.5 [en] (Win95; I)
X-Accept-Language: en
X-MIME-Autoconverted: from quoted-printable to 8bit by wugate.wustl.edu id LAA17209
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi All
I set this configurations:

uname -r -s
FreeBSD 2.2-971129-SNAP

/etc/passwd:
ftptest:*:1009:1008:Test WU FTP:/var/virtualweb/test/./:/ftponly

/etc/group:
ftpusers:*:1008:ftptest

ls -l /var/virtualweb/test/(~/):
d--x--x--x 2 root daemon 512 10 �� 18:15 bin/
d--x--x--x 2 root daemon 512 10 �� 18:34 etc/

ls -l /var/virtualweb/test/bin(~bin):
---x--x--x 1 root bin 155648 10 �� 18:15 ls*

ls -l /var/virtualweb/test/etc(~etc):
-r--r--r-- 1 root daemon 40 10 �� 18:43 group
-r--r--r-- 1 root daemon 175 10 �� 18:33 passwd

cat /var/virtualweb/test/etc/passwd(~etc/passwd):
root:*:0:0::/:/etc/ftponly
ftptest:*:1009:1008::/var/virtualweb/test/./:/etc/ftponly

cat /var/virtualweb/test/etc/group(~etc/group):
root::0:root
ftpusers::1008:ftptest

cat /usr/local/etc/ftpaccess:
class local real,guest,anonymous *.domain 0.0.0.0
class remote real,guest,anonymous *

# specify which group of users will be treated as "guests".
guestgroup ftpusers

But if I connect to the machine via FTP and login as "ftptest":
> pwd
/var/virtualweb/test/
>ls
d--x--x--x 2 root daemon 512 10 �� 18:15 bin/
d--x--x--x 2 root daemon 512 10 �� 18:34 etc/
>cd /
>ls
show my root directory

BUT WHY? WHERE MY MISTAKE?

--
bye, Max
mailto: [email protected]
http://www.svitanok.com/~mt
ICQ: 21134222

From [email protected] Fri Feb 12 06:27:31 1999
Received: from relay3.UU.NET (relay3.UU.NET [192.48.96.8])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13670;
Fri, 12 Feb 1999 06:27:30 -0600 (CST)
Received: from relay3.UU.NET by relay3.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgbvm02614;
Tue, 9 Feb 1999 11:34:13 -0500 (EST)
Received: from wugate.wustl.edu by relay3.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgbvm02572;
Tue, 9 Feb 1999 11:34:09 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA24700;
Tue, 9 Feb 1999 10:33:55 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA19662
for <[email protected]>; Tue, 9 Feb 1999 10:28:13 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.1a/8.9.1) with ESMTP id LAA31260;
Tue, 9 Feb 1999 11:27:56 -0500
Message-Id: <[email protected]>
Date: Tue, 9 Feb 1999 11:27:55 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Michael Wright <[email protected]>
Cc: [email protected]
Subject: Re: Permission problems
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 9 Feb 1999, Michael Wright wrote:

> I have wu-ftpd install with virtual domains. I have a user that logs
> in from a remote site to send some data. This user has an account on
> the system and puts the data in a directory that he owns.
>
> The problem is that this user is unable to delete any files from this
> directory or any other directory that he may create.

Does your ftpaccess files say 'delete no'? I assume from the subject line
you've examined the file and directory permissions. Check the upload
clauses as well while you're looking the ftpaccess file.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 06:27:38 1999
Received: from relay3.UU.NET (relay3.UU.NET [192.48.96.8])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13694;
Fri, 12 Feb 1999 06:27:37 -0600 (CST)
Received: from relay3.UU.NET by relay3.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgcaq25694;
Wed, 10 Feb 1999 21:11:28 -0500 (EST)
Received: from wugate.wustl.edu by relay3.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgbzk12510;
Wed, 10 Feb 1999 13:04:00 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA18187;
Wed, 10 Feb 1999 12:03:16 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA11288
for <[email protected]>; Wed, 10 Feb 1999 11:58:21 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id MAA24410;
Wed, 10 Feb 1999 12:57:05 -0500
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 12:57:05 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "Maxim V. Tulyuk" <[email protected]>
Cc: [email protected]
Subject: Re: Guest Account's Problems
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Wed, 10 Feb 1999, Maxim V. Tulyuk wrote:

> ls shows my root directory BUT WHY? WHERE MY MISTAKE?

Which version of the daemon are you running? Your question is probably
answered in the FAQ, please check it first. Aslo, I have an example site
at ftp://ftp.vr.net/pub/wu-ftpd/examples/ which may help.

wu-ftpd Resource Center: http://www.landfield.com/wu-ftpd/
wu-ftpd FAQ: http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html
wu-ftpd list archive: http://www.landfield.com/wu-ftpd/mail-archive/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 06:27:59 1999
Received: from relay3.UU.NET (relay3.UU.NET [192.48.96.8])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13759;
Fri, 12 Feb 1999 06:27:58 -0600 (CST)
Received: from relay3.UU.NET by relay3.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgcaf08372;
Wed, 10 Feb 1999 18:19:19 -0500 (EST)
Received: from wugate.wustl.edu by relay3.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgbzx24235;
Wed, 10 Feb 1999 16:26:56 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA05900;
Wed, 10 Feb 1999 15:26:22 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA08484
for <[email protected]>; Wed, 10 Feb 1999 15:23:59 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id QAA01266;
Wed, 10 Feb 1999 16:23:37 -0500
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 16:23:37 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "Robertson, Rocke" <[email protected]>
Cc: wuftp <[email protected]>
Subject: Re: remote root overflow ?
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Wed, 10 Feb 1999, Robertson, Rocke wrote:

> I just received an email concerning an advisory that certain ftp
> servers are vulnerable to attacks, I believe them to be denial of
> service attacks. They claim that wuftp beta 18 is vulnerable on most
> Unix platforms. I have not hear of this being discussed on this mail
> list.

It has been, including a pre-release of the Netect advisory.

The original discussion, though, was about 6 months ago on Bugtraq.

> The advisory came from Netec In. It is a General Public Security
> Advisory...?

It's an advisory. It's not from CERT, though. Take that to mean what you
will.

My feeling is this; Aleph approved it for Bugtraq .. I'd pay attention. He
has reason to trust Netect and that's good enough for me.

> Has anyone heard of this dos ? Should we be concerned if we are using
> wuftpd on Solaris 2.6 ?

It's not a DoS, it's a potential rootshell.

I had a long discussion with the folk at Netect about this, first pointing
them to the history (which they'd missed on Bugtraq as well) then
discussing whenther they could actually inject any code into the
root-running daemon. They have a test which showed that they could inject
enough garbage to crash the daemon. To them, that means it's only a matter
of hard work to inject a rootshell.

It doesn't only effect FTP daemons. It also effects all platforms whose
realpath() which has not been corrected. Wu-FTPD was effected because it
includes a private copy of realpath(). This copy is not used on all
systems; it IS used on Solaris systems.

I told Netect that the best course is to assume wu-ftpd is vulnerable; if
it uses its local copy of realpath() it is; otherwise you don't know and
have to ask the OS vendor.

If you're not the target architecture, it'll look like a DoS. Of course,
a DoS for wu-ftpd isn't much good if you're running from inetd since the
only person you can deny is yourself.

Should you be concerned on Solaris 2.6? Definitely. Unless you're
already running VR10 or later, or BeroFTPD 1.2.0 or later.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 06:28:10 1999
Received: from relay3.UU.NET (relay3.UU.NET [192.48.96.8])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13786;
Fri, 12 Feb 1999 06:28:09 -0600 (CST)
Received: from relay3.UU.NET by relay3.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgcab16873;
Wed, 10 Feb 1999 17:27:01 -0500 (EST)
Received: from wugate.wustl.edu by relay3.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgcab16854;
Wed, 10 Feb 1999 17:27:00 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA07192;
Wed, 10 Feb 1999 16:26:07 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA17587
for <[email protected]>; Wed, 10 Feb 1999 16:24:01 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id RAA01937;
Wed, 10 Feb 1999 17:23:54 -0500
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 17:23:54 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "Speier, Guy J - CNF" <[email protected]>
Cc: WU-FTPD Discussion List <[email protected]>
Subject: RE: remote root overflow ?
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Guy, I hope you don't mind that I cc the list on this.

On Wed, 10 Feb 1999, Speier, Guy J - CNF wrote:

> Could you tell me a little more about VR##?

I'm going to answer with history rather than a list of features. You can
get the features by reading the FIXES*VR* files at my ftp site; it's a
VERY long list .. print it and read it on the john tonight.

I've been on the list since before Kent started archiving it, before Stan
became maintainer, and before Koos started keeping the FAQ. For years I
just monitored. A few years ago it seemed too few people were answering
questions, or taking too long to, so I started. Sorta like you've been
doing recently, Guy.

One thing I noticed was people kept asking for features and Stan kept
putting them off. Personally, I doubt he'll ever make an end to these
interminable 'beta' releases and open the daemon to development again.

Back when beta-17 came out I'd had enough. I decided to start collecting
the patches, rolling them together, and offering them up to anyone
interested. I started with a 100% review of the ENTIRE archive of the
mailing list. From that I gleaned every feature request, bug report or
patch EVER offered. To that list I added Stan's TODO list. Ever since
I've been plowing through that list (it's a LONG list), and working to fix
bugs injected or otherwise noted along the way.

The first who VR sets were against Beta-17. They're in my attic if you're
interested in them (don't bother though). When Stan released beta-18, I
rolled every change he didn't already have into VR3, the first set for
beta-18.

Originally, I was only releasing patch files. By the time it got to VR5 I
realized that it was asking too much of people to download all those files
and apply them all, so I started offering a pre-patched tarball.

At about the same time Bernard started picking up my patches and including
what he could in BeroFTPD. Since then, he and I have corresponded
regularly about features and bugfixes so our patches don't cause too many
CVS conflicts for the other's tree. Mainly it's a one-way pipe, though,
he takes my patches and works on the new features which I see no reason
for the base release to support (at least until the RFC comes out). The
fix for realpath, however, is an example my my taking work Bernard had
done and back-porting it into the base daemon.

Over time, a number of people started sending reports and fixes directly
to me. Shortly after VR9 came out, Ayamura Kikuchi <[email protected]>
set up a majordomo list at one of his sites in Japan where those of us
working on the VR series, or building binaries for my releases, may
correspond. It's a closed list; if I think someone should be on it, I let
them know.

Originally, I was pushing out a release twice a month. With VR10 I
switched to a once-a-month schedule. This is because, with others
involved, I need to give them some time to get real work done and, well
frankly, I'm approaching the end of my TODO list and what's left is the
hard stuff for which I don't have any submitted patches so I need more
time to work on it.

Right now, I'm working on VR14. Mainly this will be a security release
fixing the PASV port race as best it can be fixed and still be speaking
FTP. There's a few other fixes I'll be adding, all having to do with
buffer overruns or other security matters.

> How do I install these?

If you trust pre-compile binaries (personally, I don't) and there's one
for your platform available, use it. How? Dunno. I never trust 'em
myself. If I did, I'd probably hand-copy the files into place.

I prepatch a source kit, and you can download that if you want. That's
what I'd recommend you doing. Installing this way is just like you've
always done it.

Otherwise, all the context-diff patch files are available. You can
download beta-18 from Academ, then apply each patch file. If you do that,
be sure to do them in order! I make these patch files available so the
ultra-paranoid can see exactly what I've changed and pick-and-choose.
This isn't for the faint-of-heart, though. We're talking thousands of
lines of context-diffs.

> If I download the latest version of wu, is this included?

I presume you mean from Academ. No, Stan does not include the VR patches.

A pre-patched tarball is available at my ftp site, along with the original
academ tarball and all the diffs.

> why not (if not)?

Stan's avowed policy is that he will accept no new features. Rather then
hassle with Stan, and since I rather doubt he's doing much (if anything)
with the daemon anyway, I don't bother sending him my work. Most of it is
new features which I know he doesn't want and I really am not inclined to
try to determine _where_ a bug crept in so I don't bother sending him bug
reports. In a word, though: I don't think Stan cares any more.

> Do I need a recompile?

Unless you download a precompiled binary, yes. If I were you, I'd
download the source kit and recompile.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 06:28:19 1999
Received: from relay3.UU.NET (relay3.UU.NET [192.48.96.8])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13809;
Fri, 12 Feb 1999 06:28:18 -0600 (CST)
Received: from relay3.UU.NET by relay3.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgcct24823;
Thu, 11 Feb 1999 10:54:11 -0500 (EST)
Received: from wugate.wustl.edu by relay3.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgcct24786;
Thu, 11 Feb 1999 10:54:07 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA01508;
Thu, 11 Feb 1999 09:50:36 -0600 (CST)
Received: from rehost.com ([email protected] [199.97.122.254])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA15569
for <[email protected]>; Thu, 11 Feb 1999 09:48:58 -0600 (CST)
Received: from kestrel (kestrel.rehost.com [172.22.47.9])
by rehost.com (8.9.0/8.9.1) with SMTP id KAA07282
for [email protected]; Thu, 11 Feb 1999 10:48:56 -0500
Message-Id: <[email protected]>
Date: Thu, 11 Feb 1999 10:48:56 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Bret McDanel <[email protected]>
To: [email protected]
Subject: Re: Passive FTP & Web browsers
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Mailer: XCmail 0.99.6 - with PGP support, PGP engine version 0.5
X-Mailerorigin: http://www.fsai.fh-trier.de/~schmitzj/Xclasses/XCmail/
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

---Reply on mail from Dave Wreski about Passive FTP & Web browsers

>
>>> Is there any way to disable PASSIVE command on wu-ftpd?
>
> I thought passive mode was the preferred way of doing FTP data transfers? This
> is because the server designates the port that will be used, instead of
> allowing
> the client to request the data port, no?
>
> Why wouldn't you let this thru your firewall?
>
well as I understand things the ftp server will send from port 21 (or
rather by default ftp port +1 unless manually configured differently)..
This means that its easy to configure filters, however depending on the
level of the firewall depends on how hard that filter is to get around..

As for disabling PASSIVE mode, yes its possible, however it will break
stuff if you do (ie netscape/explorer will only connect via PASV AFAIK,
and a lot of people are using that (something like 40% of all data
connections to microsofts ftp site are PASSIVE (and for those that will
complain about me saying that site, this is public info so it doesnt
matter), do you want to deal with 40% (or whatever it is for you) of
people complaining that they cant get files???)

To disable PASSIVE you will have to disable the PASV command, which isnt
that hard but AFAIK requires a code change..

--
Bret McDanel http://www.rehost.com
Realistic Technologies, Inc. 973-514-1144

These opinions are mine, and may not be the same as my employer

From [email protected] Fri Feb 12 06:28:23 1999
Received: from relay3.UU.NET (relay3.UU.NET [192.48.96.8])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA13820;
Fri, 12 Feb 1999 06:28:22 -0600 (CST)
Received: from relay3.UU.NET by relay3.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgcaz24929;
Wed, 10 Feb 1999 23:29:02 -0500 (EST)
Received: from wugate.wustl.edu by relay3.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgcaz24922;
Wed, 10 Feb 1999 23:29:01 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id WAA05517;
Wed, 10 Feb 1999 22:28:33 -0600 (CST)
Received: from sam.nic.com (nic.com [204.141.60.10])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id WAA30104
for <[email protected]>; Wed, 10 Feb 1999 22:23:58 -0600 (CST)
Received: from gossamer.netdev.org (IDENT:[email protected] [204.141.60.55])
by sam.nic.com (8.9.1/8.9.1) with ESMTP id XAA15207;
Wed, 10 Feb 1999 23:23:29 -0500 (EST)
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 21:26:21 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Dave Wreski <[email protected]>
To: Gregory A Lundberg <[email protected]>
Cc: WU-FTPD mailing list <[email protected]>,
"Pavel P. Zabortsev" <[email protected]>
Subject: Re: Passive FTP & Web browsers
In-Reply-To: <[email protected]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
X-Sender: [email protected]
X-Mailer: XFMail 1.3 [p0] on Linux
X-Priority: 3 (Normal)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

>> Is there any way to disable PASSIVE command on wu-ftpd?

I thought passive mode was the preferred way of doing FTP data transfers? This
is because the server designates the port that will be used, instead of allowing
the client to request the data port, no?

Why wouldn't you let this thru your firewall?

Thanks,
Dave

From [email protected] Fri Feb 12 06:36:14 1999
Received: from relay6.UU.NET (relay6.UU.NET [192.48.96.16])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA14037;
Fri, 12 Feb 1999 06:36:10 -0600 (CST)
Received: from relay6.UU.NET by relay6.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgbvg27958;
Tue, 9 Feb 1999 10:14:06 -0500 (EST)
Received: from wugate.wustl.edu by relay6.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgbvg27841;
Tue, 9 Feb 1999 10:13:46 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA23305;
Tue, 9 Feb 1999 09:11:55 -0600 (CST)
Received: from rehost.com (hawk.rehost.com [199.97.122.254])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA03471
for <[email protected]>; Tue, 9 Feb 1999 09:08:38 -0600 (CST)
Received: from kestrel (kestrel.rehost.com [172.22.47.9])
by rehost.com (8.9.0/8.9.1) with SMTP id KAA01810;
Tue, 9 Feb 1999 10:08:26 -0500
Message-Id: <[email protected]>
Date: Tue, 9 Feb 1999 10:08:26 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Bret McDanel <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: Patch - Re: Security Issue that prolly should be addressed insome mannor
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Mailer: XCmail 0.99.6 - with PGP support, PGP engine version 0.5
X-Mailerorigin: http://www.fsai.fh-trier.de/~schmitzj/Xclasses/XCmail/
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

---Reply on mail from Gregory A Lundberg about Patch - Re: Security Issue that prolly should be addressed insome mannor

> On Sat, 8 Nov 1997, Bret McDanel wrote:
>
>> you should have known if I was boasting (as you put it) or not BEFORE
>> you called my boss and tried to get me fired..
>
> I called you boss because you appear to have committed a felony and felt
> he would be able to handle it more quickly and more efficiently than the
> FBI or cdrom.com's laywers. I did not, however, attempt to get you fired.
> In fact, I told him I would be willing to work with you on this issue once
> the issue of your credentials had been established.
>
well you said after you had finished everything you would then inform me,
to quote: "Once I have the code in place, I propose notifying Bret"

I never said that I committed a felony, you assumed that.. I never said
that the connections that I hijacked werent mine (or those of a friends)..
It would be trivial to check this if I telnet to the ftp server issue the
PASV command (and I like to also at that time issue a LIST command) and
then telnet in from a DIFFERENT machine to see if it is vunerable.. That
only takes a couple seconds to do (espically with a program that connects
and spits out the port on its own so I dont have to convert the 2 number
port into a single number)..

I think this has to do with the fact that I said I released a program that
would connect to an ftp server and pull off data (you refused to admit
there was a problem until I said that, at which time you went ape shit and
called my boss, emailed him saying "What concerns me more is his claim to
have 'released' the attack." if that was your major concern then I can see
how your ego would be bruised and you would call up and threaten the FBI
on my boss if he didnt filter all my email and stuff..

> If my position on this is unacceptable to you, I can contact cdrom.com and
> the FBI and they can explain things to you in more forcefull language.
>
> I had hoped, btw, to keep this portion of this incident private between
> the three of us.
>
Why so that people dont see that if problems are found in ftpd they should
NOT report them for fear that you will call their employer and threaten
them??

> Of course the code is trivial. My first response to your posting was to
> ensure the followers of this list that the problem was old and had never
> been noted in the wild. Sure, they could do that by reading your links,
> but I felt a posting would be more effective.
>
Oh I thought it was to say that hte problem wasnt that real cause it hadnt
been seen in the wild.. How many people really knew that first, there was
a problem, and second what to look for if someone was doing this??

> I placed a low priority on the problem because it had never been seen in
> the wild. In your misguided zealousness to glean some fame for yourself,
> you have released ready-made code for even the lowliest script kid to play
> with. And trust me, play with it they will.
>
I only mentioned that AFTER you refused to admit the problem.. How is
that seeking fame?? I also didnt release it in my name, so again how is
that seeking fame?? Had you just said 'Gee I know I am working on fixing
that' instead of trying to deny it in the first place I wouldnt have said
anything..

> Now, those of us who maintain FTP servers, not just wu-ftpd, but *ALL*
> servers, must rush about, patching, attempting to limit the damage you
> have caused. Next time, as I'm quite sure your boss has impressed upon
> you, think before you act.
>
I caused?? this is a multi year old problem that has not been fixed,
there were other people talking about this specific thing BEFORE I wrote
my program.. I did not write the crappy code into ftpd, I didnt cause the
problem, the problem was always there.. You lack in programming skills
should not be blamed on me, if you cant fix problems that you are aware
of, ask for help, if you cant ask for help dont blame others for the
problem being there (just to clairfy, the problem was there long before I
wrote this trivial program (which is barely more than a port scanner))

You admitted to knowledge of this problem, and refused to fix it until AFTER
it was released.. To think that people dont have such simple programs is
insane.. I actually think in this case it was a good thing that it was
released, how much longer were you going to wait (even after an advisory
released feb 01, even after nai's ballista program scans for this specific
thing, etc) to patch any of the distributions (even the one(s) that you
are resonsible for)???

--
Bret McDanel http://www.rehost.com
Realistic Technologies, Inc. 973-514-1144

These opinions are mine, and may not be the same as my employer

From [email protected] Fri Feb 12 06:36:23 1999
Received: from relay6.UU.NET (relay6.UU.NET [192.48.96.16])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA14049;
Fri, 12 Feb 1999 06:36:22 -0600 (CST)
Received: from relay6.UU.NET by relay6.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgcae13344;
Wed, 10 Feb 1999 18:03:30 -0500 (EST)
Received: from wugate.wustl.edu by relay6.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgcae13320;
Wed, 10 Feb 1999 18:03:27 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id RAA01739;
Wed, 10 Feb 1999 17:03:09 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA12318
for <[email protected]>; Wed, 10 Feb 1999 16:57:01 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id RAA02316;
Wed, 10 Feb 1999 17:56:41 -0500
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 17:56:33 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Dan Foster <[email protected]>
Cc: [email protected], [email protected]
Subject: Re: remote root overflow ?
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Wed, 10 Feb 1999, Dan Foster wrote:

> So, what was the exact fix, if you remember? It'd probably be of some
> use to those of who who still runs beta18 and not one of the
> derivatives.

The realpath() code was such a pile of crap, Bernard and I talked about it
and decided it had to go. He did the work. A complete replacement with
a non-vulnerable version from some flavor of BSD.

Here's the fix RedHat is using. Whether it's complete or not is
debatable. Frankly, it doesn't look to me like it fixes the entire
problem, just the enough to pass Netect's test. Remember, though we fixed
this problem long before there was a test for it.

Use --ignore-whitespace on this and watch for linewraps, I'm using
cut-n-paste:

--- wu-ftpd-2.4.2-beta-18/src/realpath.c.security Mon Jul 6 05:14:39 1998
+++ wu-ftpd-2.4.2-beta-18/src/realpath.c Mon Jan 18 19:16:45 1999
@@ -40,6 +40,7 @@
#include <sys/stat.h>
#include <sys/param.h>
#include <string.h>
+#include <syslog.h>

#ifndef HAVE_SYMLINK
#define lstat stat
@@ -143,7 +144,13 @@
continue;
if ((last == namebuf) || (*--last != '/'))
strcat(namebuf, "/");
- strcat(namebuf, where);
+ if (strlen(namebuf)+strlen(where) < sizeof(namebuf)) {
+ strcat(namebuf, where);
+ } else {
+ /* The path name is too long... bail out */
+ strcpy(result, "\0");
+ return NULL;
+ }

where = ++ptr;
if (lstat(namebuf, &sbuf) == -1) {
@@ -164,7 +171,13 @@
*workpath = '\0';
if (*where) {
strcat(linkpath, "/");
- strcat(linkpath, where);
+ if (strlen(linkpath) + strlen(where) < sizeof(linkpath)) {
+ strcat(linkpath, where);
+ } else {
+ /* path too long... bail out --cristiang */
+ strcpy(result, "\0");
+ return(NULL);
+ }
}
strcpy(curpath, linkpath);
goto loop;

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 06:36:35 1999
Received: from relay6.UU.NET (relay6.UU.NET [192.48.96.16])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA14068;
Fri, 12 Feb 1999 06:36:33 -0600 (CST)
Received: from relay6.UU.NET by relay6.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgcad05399;
Wed, 10 Feb 1999 17:50:35 -0500 (EST)
Received: from wugate.wustl.edu by relay6.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgcad05381;
Wed, 10 Feb 1999 17:50:34 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA03621;
Wed, 10 Feb 1999 16:50:17 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA12883
for <[email protected]>; Wed, 10 Feb 1999 16:49:32 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id RAA02217;
Wed, 10 Feb 1999 17:49:22 -0500
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 17:49:21 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Tony Warner <[email protected]>
Cc: [email protected]
Subject: Re: Followup: Re: wu-ftpd on Digital Unix with Enhanced Security
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Wed, 10 Feb 1999, Tony Warner wrote:

> I've got version 2.4.2 beta 18. Compiled it with "build osf" (not
> "build dec" -- I couldn't get it to compile with that config file)

Hmm. Base Beta-18? You oughta subscribe to Bugtraq :P

> The daemon seems to be completely usable in the default state, but as
> soon as I try to run it with the -a flag, it stops working.

VR13 is known to work on DU4. Some changes to the build system were
needed for DU4 so with VR13 do 'build du4' instead.

My WAG though is that the version of inetd you're running needs argv[0]
set to ftpd and it's eating up the '-a' thinking that's the program name
for argv[0]. Try adding 'ftpd' right after the program filename
(/usr/.../ftpd) on the inetd.conf line. I forget the format since I don't
run stock inetd any more. :P

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 06:49:00 1999
Received: from relay7.UU.NET (relay7.UU.NET [192.48.96.17])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA14281;
Fri, 12 Feb 1999 06:48:58 -0600 (CST)
Received: from relay7.UU.NET by relay7.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgcal18767;
Wed, 10 Feb 1999 19:47:58 -0500 (EST)
Received: from wugate.wustl.edu by relay7.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgcal18760;
Wed, 10 Feb 1999 19:47:57 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id SAA27561;
Wed, 10 Feb 1999 18:47:40 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id SAA01147
for <[email protected]>; Wed, 10 Feb 1999 18:41:51 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id TAA03151;
Wed, 10 Feb 1999 19:41:41 -0500
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 19:41:41 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Dan Stromberg <[email protected]>
Cc: [email protected]
Subject: Re: VR## vs BeroFTPD?
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Wed, 10 Feb 1999, Dan Stromberg wrote:

> I know, this is dangerously close to inciting a flame war. I hope we
> can be more civilized than that. I want to make an informed decision
> on this issue, can you blame me?

As far as Bernard and I are concerned, this shouldn't incite a flame war.
We try to work together while still going our separate ways.

Both of us content the base beta-18 is too buggy and has been left to
languish too long.

My position is this:

As I see it, it's a linear upgrade path.

If you're not running the base beta-18 you should turn off the computer
until you've upgraded. Do it RIGHT NOW! before a script kid finds you and
turns it off for you, or worse.

If you're happy with the base beta-18 and don't want to risk any changes
you don't absolutely have to make .. well, that's your problem, stay with
it but at least apply the Redhat patch I posted a while ago.

If you have no need for virtual-FTP sites, or only a small need (a few
sites, all sharing username/passwords), you should upgrade to the VR
version. It's a drop-in replacement. There is one correction which, if
your site was not properly secured upload clauses to begin with, will
prevent all access or at least prevent all uploads; since BeroFTPD has
most of the VR fixes, you'll have the same problem but you'll be reworking
your ftpaccess anyway so you won't notie. Other than that it's just
download, compile and install. You can make use of the new features
later, when you're ready to use them.

If you have a platform which has not been traditionally supported by
wu-ftpd, you will want to take a look at BeroFTPD because it uses GNU
Autoconf instead of the traditional build scheme. It will make porting
easier; and let Bernard know if you made any changes so he can add the
tests to his autoconf scripts.

If you have a need for FTP-SEC with Kerberos 5, you definitely want
BeroFTPD.

If you have installed Kent's NEWVIRT, or run a large, complex site with a
lot of virtual-FTP servers and need finer control than VR or the base
version can give you, you want BeroFTPD.

If you want to develop clients for the next-generation FTP, using the
as-yet preliminary HOST command, you want BeroFTPD.

> Anyway, can some of the -users- out there who are using VR## and/or
> BeroFTPD comment on why they chose the one they did, and how happy
> they've been with the decision?

I'll give you exactly one (1) guess why _I_ don't run BeroFTPD on my
production servers. :)

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 06:49:06 1999
Received: from relay7.UU.NET (relay7.UU.NET [192.48.96.17])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA14300;
Fri, 12 Feb 1999 06:49:06 -0600 (CST)
Received: from relay7.UU.NET by relay7.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgbzq15854;
Wed, 10 Feb 1999 14:42:12 -0500 (EST)
Received: from wugate.wustl.edu by relay7.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgbzq15834;
Wed, 10 Feb 1999 14:42:10 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA05603;
Wed, 10 Feb 1999 13:41:48 -0600 (CST)
Received: from apollo.gat.com (apollo.gat.com [192.5.166.20])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA05968
for <[email protected]>; Wed, 10 Feb 1999 13:38:19 -0600 (CST)
Received: from nt-usc (NT-USC.GAT.COM [192.5.166.179])
by apollo.gat.com (8.9.1/8.9.0) with SMTP id LAA11517
for <[email protected]>; Wed, 10 Feb 1999 11:37:48 -0800 (PST)
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 11:37:47 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Tony Warner <[email protected]>
To: [email protected]
Subject: wu-ftpd on Digital Unix with Enhanced Security
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi,

I'm new to the list and have read the FAQ and most recent mail archives,
but can't seem to find the answer I'm looking for....

I have just compiled and installed wu-ftpd 2.4 on a Digital Alpha Personal
Workstation running DU 4.0D.

I made these changes according to the faq:

Make these changes to ./src/config/config.osf :

#define SecureWare
#include <sys/secdefines.h>
#include <sys/types.h>
#include <sys/security.h>
#include <sys/audit.h>
#include <prot.h>
and add the following to ./src/makefiles/Makefile.osf

LIBES = -lsupport -lsecurity -laud

Then did "build osf".

That got it working pretty good from the command line. However,
PC and MAC clients are not able to view any files once they
are connected.

Connecting from a unix host with command line ftp works as expected.
using WS-FTP on a PC or Fetch on a MAC allows the conection but shows
no files. I do not have any banners or messages displaying in my ftpaccess
file. I only have one line in my ftpaccess file (for simplicity):

class all real,guest,anonymous *

Any ideas what I'm missing?

Thanks,
Tony Warner

*********************************************************************
Tony Warner [email protected]
General Atomics (619) 455-4285

*********************************************************************

From [email protected] Fri Feb 12 06:49:10 1999
Received: from relay7.UU.NET (relay7.UU.NET [192.48.96.17])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA14312;
Fri, 12 Feb 1999 06:49:09 -0600 (CST)
Received: from relay7.UU.NET by relay7.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgbzy14622;
Wed, 10 Feb 1999 16:40:07 -0500 (EST)
Received: from wugate.wustl.edu by relay7.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgbzy14486;
Wed, 10 Feb 1999 16:39:58 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA09573;
Wed, 10 Feb 1999 15:39:21 -0600 (CST)
Received: from rehost.com ([email protected] [199.97.122.254])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA26691
for <[email protected]>; Wed, 10 Feb 1999 15:38:02 -0600 (CST)
Received: from kestrel (kestrel.rehost.com [172.22.47.9])
by rehost.com (8.9.0/8.9.1) with SMTP id QAA05860;
Wed, 10 Feb 1999 16:37:48 -0500
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 16:37:48 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Bret McDanel <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: remote root overflow ?
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Mailer: XCmail 0.99.6 - with PGP support, PGP engine version 0.5
X-Mailerorigin: http://www.fsai.fh-trier.de/~schmitzj/Xclasses/XCmail/
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

---Reply on mail from Robertson, Rocke about remote root overflow ?

> I just received an email concerning an advisory that certain ftp
> servers are vulnerable to attacks, I believe them to be denial of
> service attacks. They claim that wuftp beta 18 is vulnerable on most
> Unix platforms. I have not hear of this being discussed on this mail
> list.
>
> The advisory came from Netec In. It is a General Public Security
> Advisory...?
>
if that is the one I am thinking of, it said that vr10 (and above) isnt
vunerable, it also said that it was a filename issue.. You may want to
upgrade to fix that (and a few other things)..

netec has the advisory on their page (www.netec.com I believe)

--
Bret McDanel http://www.rehost.com
Realistic Technologies, Inc. 973-514-1144

These opinions are mine, and may not be the same as my employer

From [email protected] Fri Feb 12 06:56:59 1999
Received: from relay1.UU.NET (relay1.UU.NET [192.48.96.5])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA14441;
Fri, 12 Feb 1999 06:56:57 -0600 (CST)
Received: from relay1.UU.NET by relay1.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgbvk23223;
Tue, 9 Feb 1999 11:00:03 -0500 (EST)
Received: from wugate.wustl.edu by relay1.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgbvj20313;
Tue, 9 Feb 1999 10:55:00 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA22780;
Tue, 9 Feb 1999 09:54:47 -0600 (CST)
Received: from gomez.msfc.nasa.gov (GOMEZ.MSFC.NASA.GOV [128.158.176.175])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA14164
for <[email protected]>; Tue, 9 Feb 1999 09:52:49 -0600 (CST)
Received: from whitewolf (whitewolf.msfc.nasa.gov [128.158.176.177])
by gomez.msfc.nasa.gov (8.8.8+Sun/8.8.7) with SMTP id JAA08741
for <[email protected]>; Tue, 9 Feb 1999 09:52:47 -0600 (CST)
Message-Id: <[email protected]>
Date: Tue, 09 Feb 1999 09:52:47 -0700
Reply-To: [email protected]
Sender: [email protected]
From: Michael Wright <[email protected]>
To: [email protected]
Subject: Permission problems
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi all,

I have wu-ftpd install with virtual domains. I have a user that logs in
from a remote site to send some data. This user has an account on the
system and puts the data in a directory that he owns.

The problem is that this user is unable to delete any files from this
directory or any other directory that he may create.

Can anyone tell me what might be going on here.

Thanks, Michael

From [email protected] Fri Feb 12 06:58:06 1999
Received: from relay1.UU.NET (relay1.UU.NET [192.48.96.5])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA14517;
Fri, 12 Feb 1999 06:58:04 -0600 (CST)
Received: from relay1.UU.NET by relay1.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgcac11811;
Wed, 10 Feb 1999 17:32:57 -0500 (EST)
Received: from wugate.wustl.edu by relay1.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgcac11793;
Wed, 10 Feb 1999 17:32:55 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA17209;
Wed, 10 Feb 1999 16:32:28 -0600 (CST)
Received: from www.aachen.linux.de ([email protected] [198.22.51.242])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA06625
for <[email protected]>; Wed, 10 Feb 1999 16:24:53 -0600 (CST)
Received: from microsoft.sucks.eu.org (ppp-102.in-trier.de [198.22.51.102])
by www.aachen.linux.de (Postfix) with SMTP
id 9310ED06B; Thu, 11 Feb 1999 00:36:02 +0100 (CET)
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 22:23:20 +0100 (CET)
Reply-To: [email protected]
Sender: [email protected]
From: Bernhard Rosenkraenzer <[email protected]>
To: "Robertson, Rocke" <[email protected]>
Cc: wuftp <[email protected]>
Subject: Re: remote root overflow ?
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Wed, 10 Feb 1999, Robertson, Rocke wrote:

> I just received an email concerning an advisory that certain ftp
> servers are vulnerable to attacks, I believe them to be denial of
> service attacks. They claim that wuftp beta 18 is vulnerable on most
> Unix platforms.

The problem is present in beta18; but it has fixed months ago in both the
VR version and BeroFTPD.

LLaP
bero

--
Windows 98 supports real multitasking - it can boot and crash simultaneously.
***
Anyone sending unwanted advertising e-mail to this address will be charged
$25 for network traffic and computing time. By extracting my address from
this message or its header, you agree to these terms.

From [email protected] Fri Feb 12 06:58:11 1999
Received: from relay1.UU.NET (relay1.UU.NET [192.48.96.5])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA14534;
Fri, 12 Feb 1999 06:58:10 -0600 (CST)
Received: from relay1.UU.NET by relay1.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgcah16757;
Wed, 10 Feb 1999 18:49:05 -0500 (EST)
Received: from wugate.wustl.edu by relay1.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgcah16709;
Wed, 10 Feb 1999 18:49:01 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id RAA30241;
Wed, 10 Feb 1999 17:48:41 -0600 (CST)
Received: from nis.acs.uci.edu ([128.200.16.34])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id RAA04474
for <[email protected]>; Wed, 10 Feb 1999 17:47:40 -0600 (CST)
Received: from nis.acs.uci.edu (bingy.acs.uci.edu [128.200.34.36]) by nis.acs.uci.edu (8.8.8/) with ESMTP id PAA05272 for <[email protected]>; Wed, 10 Feb 1999 15:47:24 -0800 (PST)
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 15:47:23 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Dan Stromberg <[email protected]>
To: [email protected]
Subject: VR## vs BeroFTPD?
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.5 [en] (X11; I; SunOS 5.7 sun4u)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I know, this is dangerously close to inciting a flame war. I hope we
can be more civilized than that. I want to make an informed decision on
this issue, can you blame me?

Anyway, can some of the -users- out there who are using VR## and/or
BeroFTPD comment on why they chose the one they did, and how happy
they've been with the decision?

From [email protected] Fri Feb 12 06:58:23 1999
Received: from relay1.UU.NET (relay1.UU.NET [192.48.96.5])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA14558;
Fri, 12 Feb 1999 06:58:22 -0600 (CST)
Received: from relay1.UU.NET by relay1.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgcal15787;
Wed, 10 Feb 1999 19:50:52 -0500 (EST)
Received: from wugate.wustl.edu by relay1.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgcal15781;
Wed, 10 Feb 1999 19:50:51 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id SAA17288;
Wed, 10 Feb 1999 18:50:25 -0600 (CST)
Received: from relay.pair.com (relay1.pair.com [209.68.1.20])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id SAA20501
for <[email protected]>; Wed, 10 Feb 1999 18:45:15 -0600 (CST)
Received: from THEpal.com (nisus.cngp.cng.com [161.26.28.13])
by relay.pair.com (8.8.7/8.8.5) with ESMTP id TAA07735;
Wed, 10 Feb 1999 19:48:51 -0500 (EST)
Message-Id: <[email protected]>
Date: Wed, 10 Feb 1999 18:29:05 -0600
Reply-To: [email protected]
Sender: [email protected]
From: Albert Etienne <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: VR## vs BeroFTPD?
References: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.5 [en] (X11; U; SunOS 5.6 sun4u)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Dan,

If you have been following the list and reading Gregory's replies you will
see that Bero is really the same thing with more features; with features
comes risk.
It all depends on what you want to get out of the server.

Cheers,
al

ps. I am using both ;-)

Dan Stromberg wrote:

> I know, this is dangerously close to inciting a flame war. I hope we
> can be more civilized than that. I want to make an informed decision on
> this issue, can you blame me?
>
> Anyway, can some of the -users- out there who are using VR## and/or
> BeroFTPD comment on why they chose the one they did, and how happy
> they've been with the decision?

From [email protected] Fri Feb 12 06:58:36 1999
Received: from relay1.UU.NET (relay1.UU.NET [192.48.96.5])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA14584;
Fri, 12 Feb 1999 06:58:36 -0600 (CST)
Received: from relay1.UU.NET by relay1.UU.NET with ESMTP
(peer crosschecked as: root@localhost)
id QQgcbb20662;
Wed, 10 Feb 1999 23:48:13 -0500 (EST)
Received: from wugate.wustl.edu by relay1.UU.NET with ESMTP
(peer crosschecked as: wugate.wustl.edu [128.252.120.1])
id QQgcbb20645;
Wed, 10 Feb 1999 23:48:11 -0500 (EST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id WAA17434;
Wed, 10 Feb 1999 22:47:56 -0600 (CST)
Received: from basil.acr.net.au (basil.acr.net.au [203.22.236.98])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id WAA28253
for <[email protected]>; Wed, 10 Feb 1999 22:42:03 -0600 (CST)
Received: from TRE12.au.ibm.com (be2511s205.acr.net.au [203.22.236.205])
by basil.acr.net.au (8.9.1/8.9.1) with ESMTP id PAA06868;
Thu, 11 Feb 1999 15:44:52 +1100 (EST)
Message-Id: <[email protected]>
Date: Thu, 11 Feb 1999 15:40:50 +1100
Reply-To: [email protected]
Sender: [email protected]
From: "Geoff Terry" <[email protected]>
To: <[email protected]>, "Gregory A Lundberg" <[email protected]>
Cc: "WU-FTPD mailing list" <[email protected]>,
"Pavel P. Zabortsev" <[email protected]>
Subject: Re: Passive FTP & Web browsers
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1155
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Some ftp clients dont support passive?

Geoff

----------
> From: Dave Wreski <[email protected]>
> To: Gregory A Lundberg <[email protected]>
> Cc: WU-FTPD mailing list <[email protected]>; Pavel P. Zabortsev
<[email protected]>
> Subject: Re: Passive FTP & Web browsers
> Date: Thursday, 11 February 1999 13:26
>
>
> >> Is there any way to disable PASSIVE command on wu-ftpd?
>
> I thought passive mode was the preferred way of doing FTP data transfers?
This
> is because the server designates the port that will be used, instead of
allowing
> the client to request the data port, no?
>
> Why wouldn't you let this thru your firewall?
>
> Thanks,
> Dave

From [email protected] Fri Feb 12 07:10:20 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id HAA14759;
Fri, 12 Feb 1999 07:10:19 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id HAA19657;
Fri, 12 Feb 1999 07:07:09 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id HAA17748
for <[email protected]>; Fri, 12 Feb 1999 07:04:35 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id IAA02805;
Fri, 12 Feb 1999 08:00:45 -0500
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 08:00:44 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Roger Hanke <[email protected]>
Cc: "'WU-FTPD Discussion List'" <[email protected]>,
"'Kent Landfield'" <[email protected]>,
"'Bernhard Rosenkraenzer'" <[email protected]>
Subject: RE: shutdown command w/newvirt virtual servers
In-Reply-To: <c=US%a=_%p=att%[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Bernard used NEWVIRT-050 for BeroFTPD.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 07:31:19 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id HAA15090;
Fri, 12 Feb 1999 07:31:18 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id HAA18871;
Fri, 12 Feb 1999 07:26:51 -0600 (CST)
Received: from sid.com.br (servicos.sid.com.br [200.230.210.130])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id HAA19580
for <[email protected]>; Fri, 12 Feb 1999 07:22:24 -0600 (CST)
Received: from classic_02.sid.com.br by sid.com.br (SMI-8.6/SMI-SVR4)
id LAA27654; Fri, 12 Feb 1999 11:22:34 -0200
Received: by sid.com.br (SMI-8.6/SMI-SVR4)
id LAA00430; Fri, 12 Feb 1999 11:21:13 -0200
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 11:21:13 -0200
Reply-To: [email protected]
Sender: [email protected]
From: [email protected] (Luiz Antonio de Souza)
To: [email protected]
Subject: ftpwho
X-Sun-Charset: US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi users!

How I can known ftpusers (connections) during a download/upload?
I known only userid (nobody) grpid(nobody), but, wich files no...
Only after this operation I can see in xferlog...

Any hints??

Thanks

Souza
-----------------------------------------------------------
Luiz Antonio de Souza Tel.: (011) 215-2455 Ramal 235
Coord. Suporte Servidores - SUs Fac-simile: (011) 273-4384
SID INFORMATICA S/A. E-mail: [email protected]
Sun's Partner URL:http://www.sid.com.br
-----------------------------------------------------------

From [email protected] Fri Feb 12 09:02:06 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA16570;
Fri, 12 Feb 1999 09:02:05 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id IAA23521;
Fri, 12 Feb 1999 08:57:38 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id IAA26834
for <[email protected]>; Fri, 12 Feb 1999 08:53:36 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id JAA04447;
Fri, 12 Feb 1999 09:52:29 -0500
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 09:52:28 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Luiz Antonio de Souza <[email protected]>
Cc: [email protected]
Subject: Re: ftpwho
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 12 Feb 1999, Luiz Antonio de Souza wrote:

> How I can known ftpusers (connections) during a download/upload? I
> known only userid (nobody) grpid(nobody), but, wich files no... Only
> after this operation I can see in xferlog...

One of the problems with ftpwho is it doesn't attempt to adjust to your
screen/window width. I get arround the problem by doing basically the
same thing as ftpwho by hand. Usually I wrap it in a look so it repeats
periodically as well:

#!/bin/sh
#This is for Linnux, you may need to adjust things for your system
while true; do
clear
uptime
ftpcount
echo
ps axw | grep ftpd
echo
sleep 10
done

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 09:02:39 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA16587;
Fri, 12 Feb 1999 09:02:38 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id IAA21172;
Fri, 12 Feb 1999 08:59:07 -0600 (CST)
Received: from www.stoeu.com ([62.156.183.130])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id IAA26709
for <[email protected]>; Fri, 12 Feb 1999 08:54:12 -0600 (CST)
Received: by www.stoeu.com(Lotus SMTP MTA v1.2 (600.1 3-26-1998)) id 41256716.0051CB95 ; Fri, 12 Feb 1999 15:53:25 +0100
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 15:53:22 +0100
Reply-To: [email protected]
Sender: [email protected]
From: [email protected]
To: [email protected]
Subject: Problems with guest ftp
Mime-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-Lotus-FromDomain: STOEU@STOEUEXT
X-MIME-Autoconverted: from quoted-printable to 8bit by wugate.wustl.edu id IAA26289
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi
I�ve got a little Problem which may be has been encountert by someone else.

I�d like to configure a guest-ftp-account on an rs6000 using wu-ftp.

OS-Version is 4.2.1.0,
ftp-version is wu-ftpd-2.4.2-beta-18
and I used gnu-gcc-2_8_1_0
for building the binarys

I invoke the ftpd by
ftp stream tcp nowait root /usr/sbin/ftpd ftpd -a
which is working fine for an anonymous access

After reading the "guest_how_to" from Michael Brennen I created a user
ftptest looking like this:
"ftptest:!:209:201::/home/ftp/./:/etc/ftponly"
and also the directory-structure described in the how-to.
I include this user in the /etc/group
"dummy:!:201:ftptest"

I created a /etc/ftpaccess -File like this
>
class all real,guest,anonymous *
readme README* login
readme README* cwd=*
message /welcome.msg login
message .message cwd=*
compress yes all
tar yes all
log commands real
log transfers anonymous,real inbound,outbound
shutdown /etc/shutmsg
guestgroup dummy
>

Still when trying to connect to the ftp-Server I get the following
response:
ftp 150.1.0.42
Verbunden zu 150.1.0.42.
220 dewenv01 FTP server (Version wu-2.4.2-academ[BETA-18](1) Thu Feb 11
17:38:13
NFT 1999) ready.
Benutzer (150.1.0.42:(none)): ftptest
530 User ftptest access denied.
Anmeldung fehlgeschlagen.
Ftp>

I have to admit that I�ve got no experience at all in the ftp-business.

Maybe someone has experienced the same problems and can help me out.

Thanx�s in advance

Greetings
Elmar Handke

From [email protected] Fri Feb 12 09:21:37 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA16794;
Fri, 12 Feb 1999 09:21:37 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA30075;
Fri, 12 Feb 1999 09:17:11 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA28625
for <[email protected]>; Fri, 12 Feb 1999 09:10:13 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id KAA04873
for <[email protected]>; Fri, 12 Feb 1999 10:10:00 -0500
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 10:09:59 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: wu-ftpd-2.4.2-beta-18-vr13 fails on AIX 4.2.1 (fwd)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Does anyone have any other suggestions? Or an email address for the AIX
compiler support team at IBM?

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

---------- Forwarded message ----------
Date: Fri, 12 Feb 1999 16:00:51 +0100
From: Ole Holm Nielsen
Subject: wu-ftpd-2.4.2-beta-18-vr13 fails on AIX 4.2.1

Dear WU-FTPD maintainers,

I am reporting a serious bug in the wu-ftpd-2.4.2-beta-18-vr13
on AIX 4.2.1. This is the same problem that was noted in
FIXES-2.4.2-BETA-18-VR9:

> [email protected] reports errors on AIX with malloc.
> [email protected] confirms a problem in send_data(). This patch is
> experimental against VR8 to attempt to correct the problem. I'm working
> on the supposition that the problem is data alignment; the 'blksize' is
> off_t and malloc() wants a size_t. I've added a conversion step which
> should eliminate the problem.

The ftpd.c line 3919:

size_t_blksize = blksize;

unfortunately doesn't fix the problem. I have found that
size_t_blksize becomes 0 (zero) by this assignment, even
with an explicit (size_t) typecast. This must be a compiler
bug, and even with "cc -g" the bug is still there.
I have no further ideas on how to correct the error.

I added this experimental code to verify the problem:
char erbuf[256];
...
size_t_blksize = blksize;
if (size_t_blksize <= 0) {
transflag = 0;
sprintf (erbuf, "Local resource failure: size_t_blksize=%ld blksize=%ld",
size_t_blksize, blksize);
perror_reply(451, erbuf);
retrieve_is_data = 1;
return (0);
}

A short testing code does NOT exhibit this problem on AIX 4.2.1:
#include <sys/types.h>
#include <stdio.h>
main() {
off_t blksize;
size_t size_t_blksize;
blksize = 8192;
size_t_blksize = blksize;
printf ("blksize=%ld size_t_blksize=%ld\n", blksize, size_t_blksize);
}

WORKAROUNDS:

Either of the following makes the ftpd work correctly:

1. Use #undef THROUGHPUT in config.h. This apparently makes
the compiler generate correct code.

2. Compile with GCC: In ./src go "make CC=gcc".

I have no further ideas on how to fool the AIX cc compiler into
generating correct code. You should talk to real AIX experts
or submit the problem to IBM Support.

Our AIX C-compiler is xlC.C with the latest fixes at level 3.1.4.10.
We do not have the new compiler version 4.4.

With best regards,

Ole Holm Nielsen
Department of Physics, Building 307
Technical University of Denmark, DK-2800 Lyngby, Denmark

From [email protected] Fri Feb 12 09:39:55 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA17122;
Fri, 12 Feb 1999 09:39:54 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA21635;
Fri, 12 Feb 1999 09:36:42 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA32169
for <[email protected]>; Fri, 12 Feb 1999 09:32:52 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id KAA05373;
Fri, 12 Feb 1999 10:32:17 -0500
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 10:32:16 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: Problems with guest ftp
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

First guess: did you remember to kill -HUP the inetd process so your
changes would take effect?

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 10:01:01 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA17481;
Fri, 12 Feb 1999 10:01:01 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA01442;
Fri, 12 Feb 1999 09:56:18 -0600 (CST)
Received: from home.pmi-usa.com (ppp.pmi-usa.com [216.17.136.12] (may be forged))
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA20663
for <[email protected]>; Fri, 12 Feb 1999 09:51:22 -0600 (CST)
Received: (from daemon@localhost)
by home.pmi-usa.com (8.8.5/8.8.5) id IAA29265
for <[email protected]>; Fri, 12 Feb 1999 08:46:23 -0700 (MST)
Received: from pmiisdn210.ppp.frii.net(216.17.146.210), claiming to be "[216.17.146.210]"
via SMTP by home.pmi-usa.com, id smtpdI29260; Fri Feb 12 15:46:18 1999
Message-Id: <l03130300b2e9fb0c9bf3@[216.17.146.210]>
Date: Fri, 12 Feb 1999 08:47:20 -0700
Reply-To: [email protected]
Sender: [email protected]
From: Chris Baar <[email protected]>
To: [email protected]
Subject: Default Location of Log Files?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I have been running 2.4.2-beta-18 very successfully for several months now
on a FreeBSD 3.0 system. My only problem is I don't know where my logs
are. :)

In inetd.conf, I am calling ftpd with the flagset "-la". The "l" should
enable logging, correct? Is there an easy way to determine the path that
this is using for logging? I don't ever remember specifiying a path or a
name. Is there a default path or filename for these logs (ftp.log or
something)?

The only file I found that sounded reasonable was "/var/log/xferlog", but
it isn't being written to (even when writable by anybody).

Chris Baar
[email protected]

From [email protected] Fri Feb 12 10:18:57 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA17761;
Fri, 12 Feb 1999 10:18:56 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA05421;
Fri, 12 Feb 1999 10:15:40 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA04173
for <[email protected]>; Fri, 12 Feb 1999 10:09:11 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id LAA06055;
Fri, 12 Feb 1999 11:08:16 -0500
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 11:08:16 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Chris Baar <[email protected]>
Cc: [email protected]
Subject: Re: Default Location of Log Files?
In-Reply-To: <l03130300b2e9fb0c9bf3@[216.17.146.210]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 12 Feb 1999, Chris Baar wrote:

> I have been running 2.4.2-beta-18 very successfully for several months
> now on a FreeBSD 3.0 system. My only problem is I don't know where my
> logs are. :)

$strings ftpd | grep xferlog
/var/log/xferlog
xferlog (send): %s
xferlog (recv): %s

> In inetd.conf, I am calling ftpd with the flagset "-la". The "l"
> should enable logging, correct? Is there an easy way to determine the
> path that this is using for logging? I don't ever remember
> specifiying a path or a name. Is there a default path or filename for
> these logs (ftp.log or something)?
>
> The only file I found that sounded reasonable was "/var/log/xferlog",
> but it isn't being written to (even when writable by anybody).

check your ftpaccess file. Make sure you're telling the daemon to log:
log transfer real,guest,anonymous inbound,outbound

If that doesn't do it, try also adding -i and -o options to the command
line in inetd.conf (don't forget to -HUP the inetd process if you do).

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 10:35:44 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA17976;
Fri, 12 Feb 1999 10:35:44 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA32059;
Fri, 12 Feb 1999 09:30:07 -0600 (CST)
Received: from ramses.lu.se (ramses.lu.se [130.235.132.90])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA32215
for <[email protected]>; Fri, 12 Feb 1999 09:29:25 -0600 (CST)
Received: from lu-dal2.dal.lu.se (lu-dal2.dal.lu.se [130.235.143.210] (may be forged))
by ramses.lu.se (8.9.0/8.9.0) with ESMTP id QAA26737
for <[email protected]>; Fri, 12 Feb 1999 16:30:10 +0100 (MET)
Received: from LU-DAL2/SpoolDir by lu-dal2.dal.lu.se (Mercury 1.43);
12 Feb 99 17:20:40 +0100
Received: from SpoolDir by LU-DAL2 (Mercury 1.43); 12 Feb 99 17:20:17 +0100
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 17:20:12 GMT+200
Reply-To: [email protected]
Sender: [email protected]
From: "Stig Isaksson" <[email protected]>
To: [email protected]
Subject: Erratic listing
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
X-pmrqc: 1
X-mailer: Pegasus Mail for Windows (v2.33)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Good afternoon all,

I haven't been seen or heard for a long while on the list and that's
because our wu-ftpd beta-18 have been working exactly as intended!!
Till yesterday:

By accident I discovered the following behaviour:

When logging in as a guest user with ws-ftp ver. 4.12 fom Windows 95
and sending files to the server, the names of which contained 8-bit
characters, those file names didn't show on the list in the right
window of the client; not only that: most of the other files wouldn't
list either till I went to the server and removed the file with such
characters in its name.

Wrong list? Client problem? FAQ? I think not. Listen:

1. This erratic behaviour happens only with guest logins. When I log in
as a real user everything works fine (I can list the very same
directory on the server with the very same client correctly whether
the file names there have 8-bit characters or not). I can't see how
ws-ftp could possibly know anything about what kind of user I have
logged in as.

2. The same error occurs whith passive ftp, e.g. when I log in from
Netscape with ftp://user@institution.domain.se.

So: A plausible conclusion must be that the cause is with wu-ftpd.
(NB: The files make it to the server and their names are OK on the
server, i.e. the 8-bit characters look fine or are converted
correctly to the UNIX encoding (though I think it's basically the
same encoding vector as in Windows)).

The UNIX is Solaris 2.5.1. on a SUN Ultra 1 (and I have rebooted the
machine a couple of times between the errors).

Does anyone have any idea what all this could mean?

Hopeful Regards,
Stig
------------------------------------------------------------
Stig Isaksson
Dialekt- och ortnamnsarkivet
Helgonabacken 14
S-223 62 LUND
S W E D E N
tel.: +46 46 222 74 68 fax: +46 46 15 23 81
e-mail: [email protected]
http://www.dal.lu.se/

<Forstaor MIME Understands MIME>
------------------------------------------------------------

From [email protected] Fri Feb 12 11:10:40 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA18456;
Fri, 12 Feb 1999 11:10:39 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA11588;
Fri, 12 Feb 1999 11:07:21 -0600 (CST)
Received: from gator.adeptscience.co.uk (gator.adeptscience.co.uk [193.116.153.5])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA11820
for <[email protected]>; Fri, 12 Feb 1999 11:05:38 -0600 (CST)
Received: from porthos.ourway.org (async249-147.async.duke.edu [152.3.249.147])
by gator.adeptscience.co.uk (8.8.8/8.8.7) with SMTP id RAA00853
for <[email protected]>; Fri, 12 Feb 1999 17:05:19 GMT
(envelope-from [email protected])
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 12:05:47 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Charles Reese <[email protected]>
To: [email protected]
Subject: strange upgrade problem with tcpd
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: Windows Eudora Light Version 1.5.4 (32)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I am upgrading from BETA 18 to BETA 18VR13 and I have come across a strange
problem. On two machines all has gone well but on the thrid the old version
refuses to disappear. If I telnet to No. 3 I get the version:

Version wu-2.4.2-academ[BETA-18](1)

on the other ones I get:

Version wu-2.4.2-academ[BETA-18-VR13](1)

as expected.

Now here is the strange part. I am running tcp_wrappers on both machines
with the line:
ftp stream tcp nowait root /usr/local/libexec/tcpd ftpd -l -a

if I change that to:
ftp stream tcp nowait root /usr/local/libexec/ftpd -l -a

it shows the new vesion number:
Version wu-2.4.2-academ[BETA-18-VR13](1)

and if I put the tcpd back in it again reverts back to 18(1).

Any Ideas
Cheers

Charlie Reese

One Unix to Rule them all, One Resolver to Find them,
One IP to Name them all, In the Zone that Binds them.

From [email protected] Fri Feb 12 11:18:08 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA18517;
Fri, 12 Feb 1999 11:18:08 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA00195;
Fri, 12 Feb 1999 11:13:43 -0600 (CST)
Received: from quartz.nbnet.nb.ca (mailserv.nbnet.nb.ca [198.164.200.18])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA10600
for <[email protected]>; Fri, 12 Feb 1999 11:10:32 -0600 (CST)
Received: from ASGTechnologies.com ([198.164.220.73]) by quartz.nbnet.nb.ca
(Post.Office MTA v3.1.2 release (PO203-101c)
ID# 607-54382U75000L75000S0V35) with ESMTP id AAA29895;
Fri, 12 Feb 1999 13:10:31 -0400
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 13:11:37 -0400
Reply-To: [email protected]
Sender: [email protected]
From: Cameron Lemon <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: strange upgrade problem with tcpd
References: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="------------E778B7CDC9526849301549C9"
X-Mailer: Mozilla 4.5 [en] (WinNT; I)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

This is a multi-part message in MIME format.
--------------E778B7CDC9526849301549C9
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Just a shot in the dark here, but check your path. Looks like the older FTPD is
found before the newer version.

Charles Reese wrote:

> I am upgrading from BETA 18 to BETA 18VR13 and I have come across a strange
> problem. On two machines all has gone well but on the thrid the old version
> refuses to disappear. If I telnet to No. 3 I get the version:
>
> Version wu-2.4.2-academ[BETA-18](1)
>
> on the other ones I get:
>
> Version wu-2.4.2-academ[BETA-18-VR13](1)
>
> as expected.
>
> Now here is the strange part. I am running tcp_wrappers on both machines
> with the line:
> ftp stream tcp nowait root /usr/local/libexec/tcpd ftpd -l -a
>
> if I change that to:
> ftp stream tcp nowait root /usr/local/libexec/ftpd -l -a
>
> it shows the new vesion number:
> Version wu-2.4.2-academ[BETA-18-VR13](1)
>
> and if I put the tcpd back in it again reverts back to 18(1).
>
> Any Ideas
> Cheers
>
> Charlie Reese
>
> One Unix to Rule them all, One Resolver to Find them,
> One IP to Name them all, In the Zone that Binds them.

--------------E778B7CDC9526849301549C9
Content-Type: text/x-vcard; charset=us-ascii;
name="Cameron.Lemon.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Cameron Lemon
Content-Disposition: attachment;
filename="Cameron.Lemon.vcf"

begin:vcard
n:Lemon;Cameron
tel;fax:506.460.5411
tel;work:506.460.5400
x-mozilla-html:FALSE
url:www.asgtechnologies.com
org:Atlantic Systems Group;Professional Services
version:2.1
email;internet:[email protected]
title:Systems & Network Architect
adr;quoted-printable:;;Garland Court=0D=0AIncuTech Centre;Fredericton;New Brunswick;E3B 6C2;Canada
fn:Cameron Lemon
end:vcard

--------------E778B7CDC9526849301549C9--

From [email protected] Fri Feb 12 11:24:45 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA18603;
Fri, 12 Feb 1999 11:24:44 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA13202;
Fri, 12 Feb 1999 11:20:15 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA00334
for <[email protected]>; Fri, 12 Feb 1999 11:18:40 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id MAA07118;
Fri, 12 Feb 1999 12:18:09 -0500
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 12:18:09 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Charles Reese <[email protected]>
Cc: [email protected]
Subject: Re: strange upgrade problem with tcpd
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 12 Feb 1999, Charles Reese wrote

> and if I put the tcpd back in it again reverts back to 18(1).

sounds like a search PATH problem. tcpd isn't looking where you've
installed the newer version. could be in the environment or compiled into
tcpd.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 11:36:05 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA18730;
Fri, 12 Feb 1999 11:36:05 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA13822;
Fri, 12 Feb 1999 11:32:55 -0600 (CST)
Received: from gator.adeptscience.co.uk (gator.adeptscience.co.uk [193.116.153.5])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA13708
for <[email protected]>; Fri, 12 Feb 1999 11:31:07 -0600 (CST)
Received: from porthos.ourway.org (async249-147.async.duke.edu [152.3.249.147])
by gator.adeptscience.co.uk (8.8.8/8.8.7) with SMTP id RAA02244
for <[email protected]>; Fri, 12 Feb 1999 17:31:01 GMT
(envelope-from [email protected])
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 12:31:25 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Charles Reese <[email protected]>
To: [email protected]
Subject: Solved was Re: strange upgrade problem with tcpd
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: Windows Eudora Light Version 1.5.4 (32)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Thanks for the quick responses. It was a path problem, I was fooled by ftpd
not being in any of the dircectories in the current path. I thought it just
looked in the same directory that it was in itself. It must be compiled in
the program to use /usr/libexec instead of /usr/local/libexec.

Thanks Again for the SPEEDY help. I actually saw one response before my own
message came back to me!

Cheers
Charlie Reese
One Unix to Rule them all, One Resolver to Find them,
One IP to Name them all, In the Zone that Binds them.

From [email protected] Fri Feb 12 11:56:36 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA18945;
Fri, 12 Feb 1999 11:56:36 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA16152;
Fri, 12 Feb 1999 11:52:12 -0600 (CST)
Received: from nis.acs.uci.edu (nis.acs.uci.edu [128.200.16.34])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA16169
for <[email protected]>; Fri, 12 Feb 1999 11:46:09 -0600 (CST)
Received: from nis.acs.uci.edu (bingy.acs.uci.edu [128.200.34.36]) by nis.acs.uci.edu (8.8.8/) with ESMTP id JAA13564 for <[email protected]>; Fri, 12 Feb 1999 09:46:03 -0800 (PST)
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 09:46:02 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Dan Stromberg <[email protected]>
To: [email protected]
Subject: BeroFTPD 1.2.3 on solaris 2?
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.5 [en] (X11; I; SunOS 5.7 sun4u)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Does anyone have BeroFTPD 1.2.3 running correctly on Solaris?

I compiled on 2.5.1, and am testing the binaries on 7, but ultimately we
plan to use this on a bunch of different solaris versions all >= 2.5.1.

Everything compiled fine, but when I try to log in, I get:

bingy-strombrg> ftp localhost
Connected to localhost.
220 bingy.acs.uci.edu FTP server (BeroFTPD 1.2.3(1) Thu Feb 11 10:26:28
PST 1999) ready.
Name (localhost:strombrg):
331 Password required for strombrg.
Password:
530 Login incorrect.
Login failed.
ftp>

I've used wuftpd on this same host without trouble for a long time. My
shell is listed in /etc/shells. My inetd.conf entry looks like:

ftp stream tcp nowait root /usr/sbin/tcpd
/dcs/packages/BeroFTPD/sbin/BeroFTPD

I'm not trying to set up anonymous on this machine, just normal logins.

Any hints? Any success reports?

From [email protected] Fri Feb 12 12:48:12 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA19563;
Fri, 12 Feb 1999 12:48:12 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA16109;
Fri, 12 Feb 1999 12:43:47 -0600 (CST)
Received: from ljcqs016.cnf.com ([205.185.108.239])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA22373
for <[email protected]>; Fri, 12 Feb 1999 12:41:09 -0600 (CST)
Received: from cnfvs008.cnf.com (cnfvs008.cnf.com [10.0.2.114])
by ljcqs016.cnf.com (8.8.7/8.8.7) with ESMTP id KAA21863;
Fri, 12 Feb 1999 10:39:54 -0800 (PST)
Received: by cnfvs008.cnf.com with Internet Mail Service (5.5.2232.9)
id <1YGC6Y62>; Fri, 12 Feb 1999 10:39:47 -0800
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 10:40:05 -0800
Reply-To: [email protected]
Sender: [email protected]
From: "Speier, Guy J - CNF" <[email protected]>
To: "'[email protected]'" <[email protected]>
Cc: [email protected]
Subject: VR
MIME-Version: 1.0
Content-Type: text/plain
X-Mailer: Internet Mail Service (5.5.2232.9)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Could someone please let me know where I can download beta 18 with all
current
VR patches already included in the code, and an estimate of when the next
will
be available.

thanks
Guy

From [email protected] Fri Feb 12 13:26:08 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA20124;
Fri, 12 Feb 1999 13:26:07 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA27764;
Fri, 12 Feb 1999 13:22:39 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA25354
for <[email protected]>; Fri, 12 Feb 1999 13:17:29 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id OAA09231;
Fri, 12 Feb 1999 14:17:19 -0500
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 14:17:19 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "Speier, Guy J - CNF" <[email protected]>
Cc: [email protected]
Subject: Re: VR
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 12 Feb 1999, Speier, Guy J - CNF wrote:

> Could someone please let me know where I can download beta 18 with all
> current VR patches already included in the code, and an estimate of
> when the next will be available.

ftp://ftp.vr.net/pub/wu-ftpd/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 14:11:41 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA20796;
Fri, 12 Feb 1999 14:11:39 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA29860;
Fri, 12 Feb 1999 14:08:18 -0600 (CST)
Received: from pizza.hvu.nl (Pizza.hvu.nl [145.89.234.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA30989
for <[email protected]>; Fri, 12 Feb 1999 14:02:47 -0600 (CST)
Received: (from koos@localhost) by pizza.hvu.nl (8.8.6/KH19980502 (dbm++)) id VAA07819; Fri, 12 Feb 1999 21:02:43 +0100 (MET)
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 21:02:43 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Koos van den Hout _U nix and we all_ <[email protected]>
To: Stig Isaksson <[email protected]>
Cc: [email protected]
Subject: Re: Erratic listing
In-Reply-To: <[email protected]>; from Stig Isaksson on Fri, Feb 12, 1999 at 05:20:12PM +0000
References: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95i
X-Zen: Ommmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
X-Files: the truth is out there
X-I-Am-Not-Simes: There is only one Simes
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Quoting Stig Isaksson who wrote on Fri, Feb 12, 1999 at 05:20:12PM +0000:

The first thing I am thinking of here is a difference in NLS settings
between the guest environment and the other environments. Those can
influence the representation of highbit characters.

> When logging in as a guest user with ws-ftp ver. 4.12 fom Windows 95
> and sending files to the server, the names of which contained 8-bit
> characters, those file names didn't show on the list in the right

> server, i.e. the 8-bit characters look fine or are converted
> correctly to the UNIX encoding (though I think it's basically the
> same encoding vector as in Windows)).

ISO-8859-1 and that is the same encoding for both xterm and Windows95.

Koos van den Hout

--
Koos van den Hout Expertisecentrum Cetis http://cetis.nl/
[email protected] (Work) Workphonenumber: +31-30-2586287
[email protected] (Home) Workfaxnumber: +31-30-2586290
http://web.cetis.hvu.nl/~koos/ PGP keyid RSA/1024 0xCA845CB5 via keyservers

From [email protected] Fri Feb 12 14:32:45 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA21158;
Fri, 12 Feb 1999 14:32:45 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA02368;
Fri, 12 Feb 1999 14:29:22 -0600 (CST)
Received: from gate-sl1.mdli.com (ns2.mdli.com [208.200.221.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA00074
for <[email protected]>; Fri, 12 Feb 1999 14:23:25 -0600 (CST)
Received: (from smap@localhost)
by gate-sl1.mdli.com (8.8.8/8.8.8) id MAA20321
for <[email protected]>; Fri, 12 Feb 1999 12:14:47 -0800 (PST)
Received: from puffin.mdli.com(191.254.19.10) by gate-sl1.mdli.com via smap (V2.1)
id xma020319; Fri, 12 Feb 99 12:14:43 -0800
Received: from hawk.mdli.com by puffin.mdli.com (8.8.5/BCH1.0)
id MAA17900; Fri, 12 Feb 1999 12:22:49 -0800 (PST)
Received: by hawk.mdli.com (980427.SGI.8.8.8/930416.SGI.AUTO)
for [email protected] id MAA18191; Fri, 12 Feb 1999 12:22:49 -0800 (PST)
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 12:22:49 -0800
Reply-To: [email protected]
Sender: [email protected]
From: "David Mostardi" <[email protected]>
To: [email protected]
Subject: wu upgrade -> ftpaccess ignored
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Z-Mail (3.2.3 08feb96 MediaMail)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

In response to the recent CERT advisory, I upgraded my
wu-ftp from 2.4 to 2.4.2-beta18-vr13. The immediate consequence
is that the /etc/ftpaccess file is now ignored. The command
"strings ftpd|grep ftpaccess" reports "/etc/ftpaccess",
so I've got it in the right place.

Ring any bells?

Thank you,
------------------------------------------------------------------------
David Mostardi Web: http://www.mdli.com
Unix Systems Manager Email: [email protected]
MDL Information Systems, Inc. Voice: (510) 357-2222 x1420
14600 Catalina St., San Leandro CA 94577 Fax: (510) 352-2870

-- "When in danger or in doubt, run in circles, scream and shout"

From [email protected] Fri Feb 12 14:35:00 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA21204;
Fri, 12 Feb 1999 14:34:59 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA01583;
Fri, 12 Feb 1999 14:31:45 -0600 (CST)
Received: from eagle.webpros.com (eagle.professionals.com [206.127.192.10])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA31935
for <[email protected]>; Fri, 12 Feb 1999 14:25:13 -0600 (CST)
Received: from adm1-data-1 (adm1-data-1.noc.bizli.net [206.127.192.19]) by eagle.webpros.com (8.8.7/8.6.10) with SMTP id MAA07633 for <[email protected]>; Fri, 12 Feb 1999 12:25:12 -0800 (PST)
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 12:25:45 -0800 (PST)
Reply-To: Sanjay Dani <[email protected]>
Sender: [email protected]
From: Sanjay Dani <[email protected]>
To: [email protected]
Subject: VR13 upgrade and guestgroup problems
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: zrh72OZkMcKrjr8iI3gC+Q==
X-Mailer: dtmail 1.3.0 CDE Version 1.3 SunOS 5.7 i86pc i386
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi All,

I just upgraded wu-2.4.2-academ[BETA-18](2) on Solaris 2.6
to wu-2.4.2-academ[BETA-18-VR13](1) following the CERT
advisory. (Thank you vr.net!).

Did not change the ftpaccess file. inetd continues to call
the daemon with -ioa options.

All services including virtual domain support continue to work.
However, the guestgroup feature for users with directory
names like /export/home/sanjay/./ doesn't.

/etc/ftpaccess:

guestgroup <group name of the above user>

Any suggestions?

Thanks!
Sanjay.

---------------------------------------------------------------
Web Professionals, Inc. Direct: +1 408-863-4850
20111 Stevens Creek Blvd, Suite 145 Biz/NOC: +1 408-863-4848
Cupertino CA 95014 USA http://serverhosting.net
---------------------------------------------------------------
-=- Data Center Server Hosting Inside an Internet Exchange -=-

From [email protected] Fri Feb 12 14:44:30 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA21293;
Fri, 12 Feb 1999 14:44:30 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA01924;
Fri, 12 Feb 1999 14:41:19 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA01068
for <[email protected]>; Fri, 12 Feb 1999 14:35:47 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id PAA10458;
Fri, 12 Feb 1999 15:35:26 -0500
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 15:35:26 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: David Mostardi <[email protected]>
Cc: [email protected]
Subject: Re: wu upgrade -> ftpaccess ignored
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 12 Feb 1999, David Mostardi wrote:

> In response to the recent CERT advisory, I upgraded my wu-ftp from 2.4
> to 2.4.2-beta18-vr13. The immediate consequence is that the
> /etc/ftpaccess file is now ignored. The command "strings ftpd|grep
> ftpaccess" reports "/etc/ftpaccess", so I've got it in the right
> place.
>
> Ring any bells?

Add -a to the command line. 2.4 assumed the access file. Some time ago
Stan changed 2.4.2 to assume no access file without -a. don't ask me why
the change.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 14:50:40 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA21376;
Fri, 12 Feb 1999 14:50:40 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA00678;
Fri, 12 Feb 1999 14:47:30 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA27756
for <[email protected]>; Fri, 12 Feb 1999 14:45:25 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id PAA10551;
Fri, 12 Feb 1999 15:45:11 -0500
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 15:45:11 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Sanjay Dani <[email protected]>
Cc: [email protected]
Subject: Re: VR13 upgrade and guestgroup problems
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 12 Feb 1999, Sanjay Dani wrote:

> All services including virtual domain support continue to work.
> However, the guestgroup feature for users with directory names like
> /export/home/sanjay/./ doesn't.
>
> /etc/ftpaccess:
>
> guestgroup <group name of the above user>
>
> Any suggestions?

things to look for, random order, and I'm just guessing here:

- user isn't listed EXPLICITLY on the guestgroup in /etc/group

- typo on a line somewhere in /etc/passwd or /etc/group
- watch line endings and non-printing characters

- check out my example site
ftp://ftp.vr.net/pub/wu-ftpd/examples/

- ~sanjay/etc/passwd or group file has the user but doesn't agree
with /etc/passwd or group .. make it agree >>relative to chroot<<
you'll see this in the example site

- might wanna browse the FAQ

wu-ftpd Resource Center: http://www.landfield.com/wu-ftpd/
wu-ftpd FAQ: http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html
wu-ftpd list archive: http://www.landfield.com/wu-ftpd/mail-archive/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 14:57:31 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA21459;
Fri, 12 Feb 1999 14:57:30 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA06199;
Fri, 12 Feb 1999 14:54:21 -0600 (CST)
Received: from rhino.nlm.nih.gov (rhino.nlm.nih.gov [130.14.73.25])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA05717
for <[email protected]>; Fri, 12 Feb 1999 14:53:07 -0600 (CST)
Received: from rhino (rhino [130.14.73.25])
by rhino.nlm.nih.gov (8.9.1/8.9.1) with SMTP id PAA01405
for <[email protected]>; Fri, 12 Feb 1999 15:53:05 -0500 (EST)
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 15:53:05 -0500 (EST)
Reply-To: Mark Silverman <[email protected]>
Sender: [email protected]
From: Mark Silverman <[email protected]>
To: [email protected]
Subject: BUG in wu-2.4.2-academ[BETA-18-VR13
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: BqCS1/unoPH1xaziu3580w==
X-Mailer: dtmail 1.2.0 CDE Version 1.2 SunOS 5.6 sun4u sparc
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I believe I have found a bug in the ftpaccess processing
in BETA-18-VR13.

In access.c, in the function hostmatch(), prior to checking for a
hostname/domain glob match, you need to check for an IP glob
match as follows:

fclose(incfile);
return(found);
}
+ else if (isdigit(*addr))
+ { /* mls 2-12-99: Match numeric IP glob */
+ return(!fnmatch(addr, remoteaddr, NULL));
+ }
else

{ /* match a hostname or hostname glob */
char *addrncase,*hostncase;

This is how it appeared to work in BETA-15.

+------------------------------------------+
| Mark Silverman > |
| National Library of Medicine /|\ |
| Voice: (301) 496-3012 / | \ |
| Fax: (301) 480-1957 /__|__\ |
| [email protected] \___|__/ |
| |
| How can you be in two places at once |
| when you're not anywhere at all? (FsT) |
+------------------------------------------+

From [email protected] Fri Feb 12 15:17:29 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA21725;
Fri, 12 Feb 1999 15:17:28 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA06394;
Fri, 12 Feb 1999 15:14:10 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA07804
for <[email protected]>; Fri, 12 Feb 1999 15:10:25 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id QAA10927;
Fri, 12 Feb 1999 16:10:11 -0500
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 16:10:10 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Mark Silverman <[email protected]>
Cc: [email protected]
Subject: Re: BUG in wu-2.4.2-academ[BETA-18-VR13
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 12 Feb 1999, Mark Silverman wrote:

> I believe I have found a bug in the ftpaccess processing in
> BETA-18-VR13.
>
> In access.c, in the function hostmatch(), prior to checking for a
> hostname/domain glob match, you need to check for an IP glob match as
> follows:

That check was taken out because it was matching too many hosts and
presented a security threat. Consider a host

127.attacker.example.net [192.168.1.2]

and the ftpaccess clause

class localuser real 127.*.*.*

the original code, which your patch re-installs, allows the attacker
access to your machine.

I have a patch submitted earlier today from another person who noticed the
change which does not suffer from this problem. I will be using his patch
in VR15, due out at the beginning of the month. If you need his patch
sooner, email me and I'll send it along to you; if I get enough requests,
I'll put in in my unsupported area until it goes into VR15.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 15:30:20 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA21823;
Fri, 12 Feb 1999 15:30:20 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA07269;
Fri, 12 Feb 1999 15:27:11 -0600 (CST)
Received: from nis.acs.uci.edu (nis.acs.uci.edu [128.200.16.34])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA25436
for <[email protected]>; Fri, 12 Feb 1999 15:22:54 -0600 (CST)
Received: from nis.acs.uci.edu (bingy.acs.uci.edu [128.200.34.36]) by nis.acs.uci.edu (8.8.8/) with ESMTP id NAA28345 for <[email protected]>; Fri, 12 Feb 1999 13:22:44 -0800 (PST)
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 13:22:42 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Dan Stromberg <[email protected]>
To: [email protected]
Subject: Re: BeroFTPD 1.2.3 on solaris 2?
References: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.5 [en] (X11; I; SunOS 5.7 sun4u)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Someone requested in personal e-mail that I report if this started working.

It did. On the non-anonymous configuration, I needed a "-A" in inetd.conf.

For the anonymous configuration, everything just flew in switching from
wuftpd.

So far, that is. That's one test machine and one production machine down,
and about 10 more machines to go.

Dan Stromberg wrote:

> Does anyone have BeroFTPD 1.2.3 running correctly on Solaris?
>
> I compiled on 2.5.1, and am testing the binaries on 7, but ultimately we
> plan to use this on a bunch of different solaris versions all >= 2.5.1.
>
> Everything compiled fine, but when I try to log in, I get:
>
> bingy-strombrg> ftp localhost
> Connected to localhost.
> 220 bingy.acs.uci.edu FTP server (BeroFTPD 1.2.3(1) Thu Feb 11 10:26:28
> PST 1999) ready.
> Name (localhost:strombrg):
> 331 Password required for strombrg.
> Password:
> 530 Login incorrect.
> Login failed.
> ftp>
>
> I've used wuftpd on this same host without trouble for a long time. My
> shell is listed in /etc/shells. My inetd.conf entry looks like:
>
> ftp stream tcp nowait root /usr/sbin/tcpd
> /dcs/packages/BeroFTPD/sbin/BeroFTPD
>
> I'm not trying to set up anonymous on this machine, just normal logins.
>
> Any hints? Any success reports?

From [email protected] Fri Feb 12 16:08:59 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id QAA22250;
Fri, 12 Feb 1999 16:08:58 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA14774;
Fri, 12 Feb 1999 16:05:46 -0600 (CST)
Received: from gw1.bfg.com (gateway.bfg.com [131.187.253.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA27832
for <[email protected]>; Fri, 12 Feb 1999 16:01:05 -0600 (CST)
Received: (from uucp@localhost)
by gw1.bfg.com (8.8.8/8.8.8) id RAA18878;
Fri, 12 Feb 1999 17:00:49 -0500 (EST)
Received: from ns1.bfg.com(192.73.67.20) by gw1.bfg.com via smap (V2.1)
id sma018467; Fri, 12 Feb 99 17:00:04 -0500
Received: from localhost (keller@localhost)
by ns1.bfg.com (8.8.8/8.8.8) with SMTP id QAA12272;
Fri, 12 Feb 1999 17:00:01 -0500 (EST)
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 16:59:59 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Ted Keller <[email protected]>
To: Gregory A Lundberg <[email protected]>
Cc: Sanjay Dani <[email protected]>, [email protected]
Subject: Re: VR13 upgrade and guestgroup problems
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Sometime back I did a lot of experimenting to get the guest group thing
working. I posted the results on the list - and Greg was able to indicate
the correct choices at that time. Attached is this discussion.....

Hope this helps.

ted keller - bfg.com

--------------------------------------------------------------------

On Wed, 13 Jan 1999, Ted Keller wrote:

> I'm running the wuftpd-2.4.2-beta-18 with the vr11 patches. As I
> configure the upload directories, I am getting confusing results.

> If my upload record looks like....
>
> upload /ftp/pm/testftp/pub /incoming yes keller pmtest 0640 dirs
>
> and my /etc/passwd look like ....
>
> testftp:x:1034:170:test ftp system:/ftp/pm/testftp/pub/./:/bin/true
>
> everything works correctly.

This is how you should do it. This upload clause will also work with the
passwd entry in your next attempt.

> However, if I have an upload record which looks like.....
>
> upload /ftp/pm/testftp /pub/incoming yes keller pmtest 0640 dirs
>
> and a password entry which looks like
>
> testftp:x:1034:170:test ftp system:/ftp/pm/testftp/./pub:/bin/true
>
> uploaded files become owned by testftp instead of keller.

If you test, you'll find this upload isn't working at all.

> It would appear that, according to the ftpaccess man page, that both
> of these configurations should work and assign ownership to the user
> keller.

The man pages are quite confusing at points, this is one of them.

Back, years ago, guests where chroot'd to their home directories and there
was no /./ syntax for the passwd file home directory. The man pages were
written at that time and the reference to 'root' was synonymous with
'home'.

With the addition of /./ to the passwd file two problems arose. First,
the match wasn't against the 'root' part, it was against the 'home'.
Second, the upload clause needed to have /./ in it as well.

For a long time I'd been having trouble defining upload clauses which
worked. If fact, it turned out that often the upload clauses weren't
being used and the only thing protecting my FTP sites was the Unix
permissions.

So, of course, I decided to try to fix things. My first tests with the VR
patches were to believe 'root' as documented and test only against that
part. Problem was, it broke the ability to have different upload clauses
for users with the same 'root' and different 'home's.

I re-thought the problem. What's been happening was the /./ was in the
passwd file and not in the upload clause. Easy enough to fix .. what the
VR patches do is pass both paths (the upload's 'root' and the directory
uploading to) through realpath() before comparing them.

Next problem. If I had users with different 'root' but the same relative
'home' (the part after /./) the upload clause could not tell the
difference between them. So I added the chroot path to the front of the
uploaded directory name.

Bernard, on behalf of the NEWVIRT folk, complained that the addition of
the chroot to the front of the path broke NEWVIRT virtual hosts, so I
added the absolute|relative|- option to allow you to choose.

--

On Fri, 12 Feb 1999, Gregory A Lundberg wrote:

> On Fri, 12 Feb 1999, Sanjay Dani wrote:
>
> > All services including virtual domain support continue to work.
> > However, the guestgroup feature for users with directory names like
> > /export/home/sanjay/./ doesn't.
> >
> > /etc/ftpaccess:
> >
> > guestgroup <group name of the above user>
> >
> > Any suggestions?
>
> things to look for, random order, and I'm just guessing here:
>
> - user isn't listed EXPLICITLY on the guestgroup in /etc/group
>
> - typo on a line somewhere in /etc/passwd or /etc/group
> - watch line endings and non-printing characters
>
> - check out my example site
> ftp://ftp.vr.net/pub/wu-ftpd/examples/
>
> - ~sanjay/etc/passwd or group file has the user but doesn't agree
> with /etc/passwd or group .. make it agree >>relative to chroot<<
> you'll see this in the example site
>
> - might wanna browse the FAQ
>
> wu-ftpd Resource Center: http://www.landfield.com/wu-ftpd/
> wu-ftpd FAQ: http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html
> wu-ftpd list archive: http://www.landfield.com/wu-ftpd/mail-archive/
>
> --
>
> Gregory A Lundberg Senior Partner, VRnet Company
> 1441 Elmdale Drive [email protected]
> Kettering, OH 45409-1615 USA 1-800-809-2195
>

From [email protected] Fri Feb 12 16:35:37 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id QAA22541;
Fri, 12 Feb 1999 16:35:36 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA04949;
Fri, 12 Feb 1999 16:32:17 -0600 (CST)
Received: from supermail.globaldialog.com ([email protected] [156.46.122.14])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA09862
for <[email protected]>; Fri, 12 Feb 1999 16:31:10 -0600 (CST)
Received: from gdinet.com (bofh.globaldialog.com [156.46.122.207])
by supermail.globaldialog.com (8.9.1/8.9.1) with ESMTP id QAA06794
for <[email protected]>; Fri, 12 Feb 1999 16:31:09 -0600 (CST)
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 16:29:19 -0600
Reply-To: [email protected]
Sender: [email protected]
From: Jesse Trucks <[email protected]>
To: [email protected]
Subject: Virtual FTP auth errors on upgrade to VR13
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.5 [en] (WinNT; U)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Today I upgraded the wu-ftpd-2.4.2-beta-13 to
wu-ftpd-2.4.2-beta-18-vr13. I made sure to add the -DVIRTUAL CFLAG, and
compiled for BSDi 3.1 using the build bdi command. I am using the same
config files I was using for the previous install. I made sure the -a
flag was set in inetd.conf with the following line:

ftp stream tcp nowait root /usr/libexec/tcpd ftpd -l
-a

Otherwise that line is not changed from the previous version. Also, I
have tried the server with the following inetd.conf entry as well:

ftp stream tcp nowait root /usr/libexec/ftpd -l -a

Both give the same results, which follow:

The main ftp host answers and authenticates for any user, including
anonymous access. The two virtual hosts have anonymous access fully
functional, but NO non-anonymous user will authenticate.

Is there a major change that I have missed in the change logs or search
of the archive or site that explains what I may be doing wrong here? Any
help would be greatly appreciated.
Thanks!

--
Jesse Trucks
[email protected]
System Administrator
Global Dialog Internet

From [email protected] Fri Feb 12 21:07:45 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id VAA04403;
Fri, 12 Feb 1999 21:07:44 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id VAA03517;
Fri, 12 Feb 1999 21:04:33 -0600 (CST)
Received: from mailbox2.ucsd.edu (mailbox2.ucsd.edu [132.239.1.54])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id VAA00897
for <[email protected]>; Fri, 12 Feb 1999 21:02:17 -0600 (CST)
Received: from eel.ucsd.edu (eel.ucsd.edu [132.239.16.13])
by mailbox2.ucsd.edu (8.9.1a/8.9.1) with ESMTP id TAA27340
for <@ucsd.edu:[email protected]>; Fri, 12 Feb 1999 19:02:16 -0800 (PST)
Received: by eel.ucsd.edu (980427.SGI.8.8.8/940406.SGI)
for [email protected] id TAA22107; Fri, 12 Feb 1999 19:02:16 -0800 (PST)
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 19:02:15 -0800
Reply-To: [email protected]
Sender: [email protected]
From: "Mona Wong" <[email protected]>
To: [email protected]
Subject: wu-ftpd VR?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Z-Mail (3.2.3 08feb96 MediaMail)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi:

I've been off the wu-ftpd email list for quite some time so excuse my
ignorance; I did check the wu-ftpd FAQ for the answer to my question but didn't
find it.

Basically, I understand wu-ftpd VR offers some advantages over wu-ftpd.
However, why the name difference? Is it a different package or just a rename
of wu-ftpd?

Mona

--
==================================================================
Mona Wong
graphics / visualization programmer wanna-be & web fool-arounder
National Center for Microscopy and Imaging Research
University of California, San Diego
http://www-ncmir.ucsd.edu
==================================================================

From [email protected] Fri Feb 12 21:20:37 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id VAA05701;
Fri, 12 Feb 1999 21:20:36 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id VAA05235;
Fri, 12 Feb 1999 21:17:26 -0600 (CST)
Received: from light.lightlink.com ([email protected] [205.232.34.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id VAA26509
for <[email protected]>; Fri, 12 Feb 1999 21:12:28 -0600 (CST)
Received: from lightlink.com (homer@localhost)
by light.lightlink.com (8.8.8/8.8.8) id WAA25105;
Fri, 12 Feb 1999 22:12:30 -0500 (EST)
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 22:12:28 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Homer Wilson Smith <[email protected]>
To: FTP MAILING LIST <[email protected]>
Subject: SunOS and VR13
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Running SunOS 4.1.4 ftp beta 18 VR 13.

Can someone tell me why I am getting the following can't
find cwdir?

Works like a champ in linux.

Thanks Homer

Script started on Fri Feb 12 22:09:34 1999
superoot majesty/root/bat: ftp majesty
Connected to majesty.lightlink.com.
220 majesty.lightlink.com FTP server (Version wu-2.4.2-academ[BETA-18-VR13](1) Wed Feb 10 17:29:35 EST 1999) ready.
Name (majesty:root): homer
331 Password required for homer.
Password:
230 User homer logged in.
ftp> ls
200 PORT command successful.
553 Could not determine cwdir: Invalid argument.
ftp> quit
150 Opening ASCII mode data connection for file list.
superoot majesty/root/bat: ^Dexit

script done on Fri Feb 12 22:09:51 1999

------------------------------------------------------------------------
Homer Wilson Smith The paths of lovers Art Matrix - Lightlink
(607) 277-0959 cross in Internet Access, Ithaca NY
[email protected] the line of duty. http://www.lightlink.com

From [email protected] Fri Feb 12 22:12:26 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id WAA08399;
Fri, 12 Feb 1999 22:12:25 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id WAA09146;
Fri, 12 Feb 1999 22:09:17 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id WAA08769
for <[email protected]>; Fri, 12 Feb 1999 22:05:33 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id XAA19412;
Fri, 12 Feb 1999 23:05:29 -0500
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 23:05:28 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Mona Wong <[email protected]>
Cc: [email protected]
Subject: Re: wu-ftpd VR?
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 12 Feb 1999, Mona Wong wrote:

> Basically, I understand wu-ftpd VR offers some advantages over
> wu-ftpd. However, why the name difference? Is it a different package
> or just a rename of wu-ftpd?

I view the VR version as a series of patches to the Academ version 2.4.2
(beta-18). For the first few months that's all they were. So many
features had been requested, and so many bugs/design flaws found, that it
soon became too much to expect people to apply diffs and I started putting
out prepatched tarballs. Obviously, with that much difference, there
should be some difference in the version string so you can tell which
you're running. Why VR? -----------+ I could'a called it GL, I guess.
|
-- |
V
Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 12 22:38:26 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id WAA10865;
Fri, 12 Feb 1999 22:38:25 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id WAA02197;
Fri, 12 Feb 1999 22:35:21 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id WAA00446
for <[email protected]>; Fri, 12 Feb 1999 22:28:41 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id XAA19546;
Fri, 12 Feb 1999 23:28:09 -0500
Message-Id: <[email protected]>
Date: Fri, 12 Feb 1999 23:28:09 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Homer Wilson Smith <[email protected]>
Cc: WU-FTPD Discussion List <[email protected]>
Subject: Re: SunOS and VR13
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 12 Feb 1999, Homer Wilson Smith wrote:

> ftp> ls
> 200 PORT command successful.
> 553 Could not determine cwdir: Invalid argument.
> ftp> quit
> 150 Opening ASCII mode data connection for file list.

I see two things going on here.

The first is serious if for no other reason than it caused the second. The
553/cwdir occurs only in upl_check() when, for some reason, the real
pathname of the current working directory could not be determined. Start
by checking the consistency of the server when the user logs in; do a pwd
command immedeately: is it what you expected? If not, correct the
_global_ (system) /etc/passwd entry for the user and retest. Do a cwd to
move to the user's home and another pwd: still correct? No, correct the
_local_ (chroot'd) etc/passwd and retest. If you still have a problem,
look for reasons why the root-user would not be able to determine the real
pathname of the current working directory. This could be an NFS problem
(which I thought was fixed), or a symlink used in /etc/passwd which isn't
valid once we've chroot'd. If you're still stumped, follow up to me and
we'll work through it off the list.

The second just shows what happens when a Turing Machine breaks down.
The 150 appearing after the quit is because you're running a state-driven
client and it was confused by the 553 appearing where it did and the
daemon continuing on its way. It occurs because somewhere in the
spaghetti code we call 'wu-ftpd' something didn't check a return status,
or did but didn't handle it properly. I chase these down as they are
found. I believe I already have a fix for this one, but I'll check to be
sure.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Sat Feb 13 02:54:25 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id CAA16536;
Sat, 13 Feb 1999 02:54:25 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id CAA20043;
Sat, 13 Feb 1999 02:49:53 -0600 (CST)
Received: from mrknox.lanl.gov (mrknox.lanl.gov [128.165.5.25])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id CAA30989
for <[email protected]>; Sat, 13 Feb 1999 02:47:30 -0600 (CST)
Received: from [128.165.7.219] (ts-usr-219.lanl.gov [128.165.7.219])
by mrknox.lanl.gov (8.8.6 (PHNE_14041)/8.8.6) with ESMTP id BAA14821
for <[email protected]>; Sat, 13 Feb 1999 01:47:28 -0700 (MST)
Message-Id: <v04103d02b2eaeadcb14f@[128.165.7.219]>
Date: Sat, 13 Feb 1999 01:47:39 -0700
Reply-To: [email protected]
Sender: [email protected]
From: John McDermon <[email protected]>
To: [email protected]
Subject: exiting on signal 10
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Sender: [email protected]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi All,
I just installed wu-ftpd-2.4.2-beta-18-vr13 on HP-UX 10.20 (finally
got it to compile the way I wanted).

But, now when I try to connect I get the login prompt, but as soon as
I enter a username and hit retirn I get:

421 Service not available, remote server has closed connection
Login failed.
No control connection for command: No such file or directory

Even with the -v option all the syslog shows is:
Feb 13 01:19:55 machine_name ftpd[15916]: exiting on signal 10

I searched the archives and saw that Marco Bano had the same problem
in Sep 98, but I didn't see any replies.

Got any ideas? (Marco, if you're out there, did you get it fixed?)
--John

+--------------------------+--------------------------+
| John McDermon | Workstation and Server |
| MS F608, CIC-2 | Team Leader |
| Los Alamos National Lab | voice: (505)667-7315 |
| Los Alamos, NM 87545 | cell: (505)699-4910 |
| "my opinions are my own" | fax: (505)665-1002 |
| http://www.lanl.gov/home/jmcdermo |
+--------------------------+--------------------------+

From [email protected] Sat Feb 13 09:04:55 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA19080;
Sat, 13 Feb 1999 09:04:55 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA19030;
Sat, 13 Feb 1999 09:00:36 -0600 (CST)
Received: from ramses.lu.se (ramses.lu.se [130.235.132.90])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id IAA04901
for <[email protected]>; Sat, 13 Feb 1999 08:59:49 -0600 (CST)
Received: from lu-dal2.dal.lu.se (lu-dal2.dal.lu.se [130.235.143.210] (may be forged))
by ramses.lu.se (8.9.0/8.9.0) with ESMTP id QAA22281;
Sat, 13 Feb 1999 16:00:36 +0100 (MET)
Received: from LU-DAL2/SpoolDir by lu-dal2.dal.lu.se (Mercury 1.43);
13 Feb 99 16:51:36 +0100
Received: from SpoolDir by LU-DAL2 (Mercury 1.43); 13 Feb 99 16:51:08 +0100
Message-Id: <[email protected]>
Date: Sat, 13 Feb 1999 16:51:04 GMT+200
Reply-To: [email protected]
Sender: [email protected]
From: "Stig Isaksson" <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: Erratic listing
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
X-pmrqc: 1
X-mailer: Pegasus Mail for Windows (v2.33)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi again,

On 12 Feb 99 at 21:02, Koos van den Hout _U nix and wrote:

> The first thing I am thinking of here is a difference in NLS settings
> between the guest environment and the other environments. Those can
> influence the representation of highbit characters.

That seems to me extremely plausible. Evidently I should copy some
file or files from /usr/lib (?) to ~/usr/lib (?). Only, which
file(s)? I gave it a try with libnls.a but to no avail. I realise
this may be system dependent. Could you advise me further?

Best Regards,
Stig
------------------------------------------------------------
Stig Isaksson
Dialekt- och ortnamnsarkivet
Helgonabacken 14
S-223 62 LUND
S W E D E N
tel.: +46 46 222 74 68 fax: +46 46 15 23 81
e-mail: [email protected]
http://www.dal.lu.se/

<Forstaor MIME Understands MIME>
------------------------------------------------------------

From [email protected] Sun Feb 14 08:46:10 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id IAA00127;
Sun, 14 Feb 1999 08:46:10 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id IAA12805;
Sun, 14 Feb 1999 08:41:30 -0600 (CST)
Received: from fog.ccsf.cc.ca.us ([email protected] [147.144.1.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id IAA11096
for <[email protected]>; Sun, 14 Feb 1999 08:33:07 -0600 (CST)
Received: from sol.ccsf.cc.ca.us (sol.ccsf.cc.ca.us [147.144.20.31])
by fog.ccsf.cc.ca.us (8.8.6 (PHNE_14041)/8.8.6) with SMTP id GAA29691
for <[email protected]>; Sun, 14 Feb 1999 06:33:00 -0800 (PST)
Received: from localhost by sol.ccsf.cc.ca.us (SMI-8.6/SMI-SVR4)
id GAA10335; Sun, 14 Feb 1999 06:32:57 -0800
Message-Id: <[email protected]>
Date: Sun, 14 Feb 1999 06:32:57 -0800 (PST)
Reply-To: "Joe R. Jah" <[email protected]>
Sender: [email protected]
From: "Joe R. Jah" <[email protected]>
To: [email protected]
Subject: BeroFTPD 1.3.3 on solaris 2.5 rejects real users;(
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi Folks,

I have been running BeroFTPD pre 1.0, wu.ftpd.1.6.1, for quite some time
without a problem. The recent hubbub about the security hole prompted me
to install 1.3.3 yesterday; I setup a couple of guest accounts and made
some changes to ftpaccess file; I also added a few executables, gzip, tar,
etc. to ~ftp/usr/bin directory. Now real users cannot login to ftp; only
guest and anonymous users can login. I even backed out and used the older
binary, but real users are still rejected;(

I run ftpck with the following result:
______________________________________________________________
WARNING: ftpservers file /etc/ftpservers missing.
Only needed if you're using virtual hosts.
**WARNING: /etc/ftpaccess: 13: This directive
is known to BeroFTPD, but can't be checked with ftpck yet.
You have to verify its correctness yourself.
**WARNING: /etc/ftpaccess: 74: This directive
is known to BeroFTPD, but can't be checked with ftpck yet.
You have to verify its correctness yourself.
**WARNING: /etc/ftpaccess: 75: This directive
is known to BeroFTPD, but can't be checked with ftpck yet.
You have to verify its correctness yourself.
**WARNING: /etc/ftpaccess: 76: This directive
is known to BeroFTPD, but can't be checked with ftpck yet.
You have to verify its correctness yourself.
WARNING: ftphosts file /etc/ftphosts missing.
Only needed if using BeroFTPD HOST ACCESS features.
WARNING: ftpgroups file /etc/ftpgroups missing.
Only needed if supporting SITE GROUP and SITE GPASS.
______________________________________________________________

Where:
line 13: guestuser user1,user2
line 74: incmail [email protected]
line 75: mailfrom [email protected]
line 76: mailserver localhost

I appreciate any pointers.

TIA,

Joe

_/ _/_/_/ _/ ____________ __o
_/ _/ _/ _/ ______________ _-\<,_
_/ _/ _/_/_/ _/ _/ ......(_)/ (_)
_/_/ oe _/ _/. _/_/ ah [email protected]

From [email protected] Sun Feb 14 15:45:49 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA03104;
Sun, 14 Feb 1999 15:45:48 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA04315;
Sun, 14 Feb 1999 15:41:21 -0600 (CST)
Received: from fog.ccsf.cc.ca.us ([email protected] [147.144.1.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA16306
for <[email protected]>; Sun, 14 Feb 1999 15:38:39 -0600 (CST)
Received: from sol.ccsf.cc.ca.us (sol.ccsf.cc.ca.us [147.144.20.31])
by fog.ccsf.cc.ca.us (8.8.6 (PHNE_14041)/8.8.6) with SMTP id NAA12515
for <[email protected]>; Sun, 14 Feb 1999 13:38:37 -0800 (PST)
Received: from localhost by sol.ccsf.cc.ca.us (SMI-8.6/SMI-SVR4)
id NAA11064; Sun, 14 Feb 1999 13:38:36 -0800
Message-Id: <[email protected]>
Date: Sun, 14 Feb 1999 13:38:36 -0800 (PST)
Reply-To: "Joe R. Jah" <[email protected]>
Sender: [email protected]
From: "Joe R. Jah" <[email protected]>
To: [email protected]
Subject: Re: BeroFTPD 1.3.3 on solaris 2.5 rejects real users;(SOLVED;)
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi Folks,

Never mind; I solved the problem;) This system had never had an
/etc/shells file! It never complained about it either, until yesterday
when I created the two guest accounts and had to create an /etc/shells to
place the /etc/ftponly "sudo" shell in it. I neglected to put "real"
shells in it as well, thereby disabling "real" users from ftp logins;(

AW, today as soon as I inserted "real" shells in /etc/shells file,
everything started working as expected. BeroFTPD 1.3.3 is a great,
stable, feature rich ftp server;)

Thank you.

Joe

_/ _/_/_/ _/ ____________ __o
_/ _/ _/ _/ ______________ _-\<,_
_/ _/ _/_/_/ _/ _/ ......(_)/ (_)
_/_/ oe _/ _/. _/_/ ah [email protected]

From [email protected] Mon Feb 15 00:48:51 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id AAA07268;
Mon, 15 Feb 1999 00:48:50 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id AAA26239;
Mon, 15 Feb 1999 00:44:10 -0600 (CST)
Received: from rins.st.ryukoku.ac.jp (rins.st.ryukoku.ac.jp [133.83.4.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id AAA26225
for <[email protected]>; Mon, 15 Feb 1999 00:36:22 -0600 (CST)
Received: from hyperion.st.ryukoku.ac.jp (hyperion.st.ryukoku.ac.jp [133.83.36.7])
by rins.st.ryukoku.ac.jp (8.8.8+2.7Wbeta7/3.6W/RINS-1.9.5-NOSPAM) with ESMTP id PAA21589
for <[email protected]>; Mon, 15 Feb 1999 15:36:20 +0900 (JST)
Received: from hyperion.st.ryukoku.ac.jp (kjm@localhost [127.0.0.1])
by hyperion.st.ryukoku.ac.jp (8.8.8/3.6Wbeta7/kjm-1.2) with ESMTP id PAA25519
for <[email protected]>; Mon, 15 Feb 1999 15:36:20 +0900 (JST)
Message-Id: <[email protected]>
Date: Mon, 15 Feb 1999 15:36:19 +0900
Reply-To: [email protected]
Sender: [email protected]
From: [email protected] (KOJIMA Hajime)
To: FTP MAILING LIST <[email protected]>
Subject: Re: SunOS and VR13
In-Reply-To: Your message of "Fri, 12 Feb 1999 22:12:28 EST"
References: <[email protected]>
X-Sender: [email protected]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

In <[email protected]>,
Homer Wilson Smith wrote:
|
| Running SunOS 4.1.4 ftp beta 18 VR 13.
|
| Can someone tell me why I am getting the following can't
| find cwdir?
...
| ftp> ls
| 200 PORT command successful.
| 553 Could not determine cwdir: Invalid argument.

This is a patch that I am using our SunOS 4.1.3_U1:

--- ./src/realpath.c.dist Wed Feb 10 17:26:26 1999
+++ ./src/realpath.c Wed Feb 10 17:26:51 1999
@@ -118,7 +118,11 @@
/* Save the starting point. */
errno = 0;
#ifdef HAS_NO_FCHDIR
+#ifdef HAS_GETCWD
pcwd = getcwd(cwd, sizeof (cwd));
+#else
+ pcwd = getwd(cwd);
+#endif
#else
fd = open(".", O_RDONLY);
#endif

And, if you execute C2conv, you must #define HAS_NO_FCHDIR in
config.h.

----
KOJIMA Hajime - Ryukoku University, Seta, Ootsu, Shiga, 520-2194 Japan
[Office] [email protected], http://www.st.ryukoku.ac.jp/~kjm/

From [email protected] Mon Feb 15 11:21:17 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA12850;
Mon, 15 Feb 1999 11:21:15 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA30929;
Mon, 15 Feb 1999 11:16:29 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA12205
for <[email protected]>; Mon, 15 Feb 1999 11:00:06 -0600 (CST)
Received: (from lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) id MAA18548
for [email protected]; Mon, 15 Feb 1999 12:00:03 -0500
Message-Id: <[email protected]>
Date: Mon, 15 Feb 1999 12:00:00 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: VR mirrors
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

The VR updates for WU-FTPD include additional features requested over the
years by the user community and includes a number of bug fixes for both the
base 2.4.2 (beta-18) release and earlier VR updates.

The primary distribution site for these updates is:

ftp://ftp.vr.net/pub/wu-ftpd/

Mirrors are available at the following sites:

Japan
-----

Ring Server Project
-------------------
<ftp://ftp.ring.gr.jp/pub/net/wu-ftpd/>
<http://www.ring.gr.jp/archives/net/wu-ftpd/>

<ftp://ring.aist.go.jp/pub/net/wu-ftpd/>
<http://ring.aist.go.jp/archives/net/wu-ftpd/>

<ftp://ring.asahi-net.or.jp/pub/net/wu-ftpd/>
<http://ring.asahi-net.or.jp/archives/net/wu-ftpd/>

<ftp://ring.so-net.ne.jp/pub/net/wu-ftpd/>
<http://ring.so-net.ne.jp/archives/net/wu-ftpd/>

<ftp://ring.nacsis.ac.jp/pub/net/wu-ftpd/>
<http://ring.nacsis.ac.jp/archives/net/wu-ftpd/>

<ftp://ring.etl.go.jp/pub/net/wu-ftpd/>
<http://ring.etl.go.jp/archives/net/wu-ftpd/>

Other Japan sites
-----------------
ftp://ftp.win.ne.jp/pub/network/wu-ftpd/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 15 11:34:40 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA12977;
Mon, 15 Feb 1999 11:34:39 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA19322;
Mon, 15 Feb 1999 11:31:22 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA00257
for <[email protected]>; Mon, 15 Feb 1999 11:00:06 -0600 (CST)
Received: (from lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) id MAA18544
for [email protected]; Mon, 15 Feb 1999 12:00:03 -0500
Message-Id: <[email protected]>
Date: Mon, 15 Feb 1999 12:00:00 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: [VR14] Security update for wu-ftpd 2.4.2 (beta 18) VR13
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

The VR14 updates for WU-FTPD 2.4.2 (beta-18) is now available.

This is a security update. If you are running any version of wu-ftpd
prior to this version, you are STRONGLY encouraged to upgrade. There
are no new features in this version.

Four separate security issues are corrected by this update. All are
described below; all but the last were discovered since the release of
the VR13 update on Feburary 1, 1999. Due to the nature of the three
recently discovered problems, it was felt prudent to put out a mid-month
update rather than wait until the normal update on the 1st of the month.
I can only say I wish the recent Netect Advisory and subsequent CERT
Advisory had been released a little later so these issues could have been
addressed prior to the massive downloading of VR13 over the past week.

===========================================================================

SECURITY UPDATE

PASV Port Race Attack
---------------------
On Monday, February 8, 1999, Bret McDanel <[email protected]> posted a claim
on the WU-FTPD Discussion List <[email protected]> that he "wrote a
program and released it last week" which implemented a PASV port-race
attack utilizing a well-known vulnerability in the FTP protocol.

Furthermore, he claimed to have an "unreleased version [which] ... loops
forever logging to files, and changes the port range that it scans so that
it keeps up with the new ports that the server issues." As proof, he
claims, "My program against [a large, well-known commercial FTP site]
worked quite well ... it got a hit every second or two. This is quite
high (I knew [the site] would have a lot of activity so it seemed a good
'final test' area)."

CONTEXT OF THE ATTACK

The FTP protocol uses two TCP connections: the control connection where the
client issues commands to the server, and the data connection. There are
two modes of operation for the data connection: PORT and PASV. Using PORT
mode, the client listens on a non-privileged port for a TCP connection from
the server. With PASV mode, the server listens for a connection from the
client. Both modes are required by the RFC to provide for the possibility
of server-to-server transfers (mirrors).

Since virtually all web browsers use PASV mode data connections, the number
of PASV data transfers has increased dramatically over the past few years.

An attacker may make use of this behavior to steal a PASV data connection
to the server in the interval between the server's openning of the port and
the client's attempt to connect to the server on that port. When this
occurs, the client will most likely get a 'connection refused' or 'port
already in use' error and retry the transfer (or, more likely, the human
operator will retry).

A successful attack CANNOT be used to directly break into the server. This
is a attack against the data transfer, using a vulnerability designed into
the FTP protocol, and does not rely upon any errors in the design or
implementation of the server.

This attack can be used to gain unauthorized access to sensitive
information being transmitted from the server to the client. In all
likelihood, neither the server nor the client would be aware the theft had
occurred. Such an attack could be used, for instance, to obtain copies of
paid-for, licensed software updates or circumvent the export-controls used
by the FTP site to restrict the distribution of cyrptographic software.

A successful attack can also be used to transmit information of the
attacker's choosing into the server. Unless some external means of
verification is used, the FTP site could process or re-distribute this
bogus information. The attack could be used, for instance, to randomly
replace files transferred between public FTP sites during mirror runs, or
to insert Trojaned programs into an author's site for later distribution.

WHO IS VULNERABLE

Most FTP servers rely upon the operating system to choose the actual TCP
port for use by the PASV data connection. Unfortunately, many systems use
a linear search for an available port making it possible for a third party
to guess which port will be used for a future transfer. Some FTP servers
choose the port themselves, but suffer from the same deficiency.

The WU-FTPD server traditionally has relied upon the underlying system to
assign the PASV port. In version 2.4.2 (Beta 18) VR5, the ability to limit
the range of ports used for PASV data connections was added which used a
linear search to select a port number within the range.

Prior to the VR14 update, the wu-ftpd daemon would report when a PASV
connection was received from a client IP-address which did not match the
IP-address of the client's control connection.

DEFENSES

The FTP Security Extensions (FTP-SEC, RFC 2228) provide for cryptographic
authentication and encryption of the FTP session rendering the PASV port
race attack ineffective. Other methods, such as tunnelling FTP through the
Secure Socket Layer (SSL, http://www.netscape.com/newsref/std/SSL.html )
can also be used. Unfortunately, none of these methods have achieved
widespread use.

Using a randomly selected TCP port for the PASV data connection makes the
attack much more difficult. While not eliminating the possibility of
success, the attacker must either wait for a given port to be used or
attempt to scan a large number of ports very quickly. The success of this
defense depends upon the attacker not being able to guess the port number
which will next be used by the server. With this VR14 update, the daemon
always uses a randomly selected port number.

The FTP server can also prevent a PASV race attack from third party sites
by refusing to tranfer any information when the IP-address of the client on
the control connection does not match the IP-address of the client on the
PASV data connection. Traditionally, wu-ftpd has reported this condition
but taken no other action. With the VR14 update, the server will no longer
accept data when the addresses to not match. Since this makes the server
not strictly compliant with the RFC, a compile-time option is provided to
disable this feature.

===========================================================================

SECURITY UPDATE

Stack buffer overruns
---------------------
Ian Willis <[email protected]> discovered that extremely long file pathnames
could result in an overrun of the stack buffer used to record the transfer
log. These errors were discovered during a code read-through.

This error appears in all versions of wu-ftpd prior to this VR14 update.

There are no known tests or attacks for this overrun. It is unknown, and
appears very unlikely, the server could be compromised by this means.

Viljar Tulit <[email protected]> discovered during a code read-through
that a number of stack buffers were defined using BUFSIZ rather than
MAXPATHLEN and were being used in a context where MAXPATHLEN was correct.

This error appeared in the VR5 update as part of the network throughput
limiting feature. Servers compiled without this feature do not have this
error.

There are no known tests or attacks for this overrun. It is unknown, but
appears it may be possible, the server could be compromised by this means.

===========================================================================

SECURITY UPDATE

NOOP denial of service
----------------------
The VR3 update disabled the use of the NOOP command to bypass the idle time
limits enforced by the server. The VR8 update made this a compile-time
option.

Oliver Billmann <[email protected]> discovered this feature was not
working.

The effect of this error is simply that users may use the NOOP command to
hold a control connection open indefinitely, thus reducing the number of
available slots for the connection class (limit clause) and denying others
access to the server. A number of popular FTP clients provide a NOOP
anti-idle feature.

===========================================================================

SECURITY UPDATE

Slowing password guessers
-------------------------
In the VR8 update, a number of changes were made to prevent probing the
server to determine valid usernames. Earlier versions of the daemon
responded differently to valid, invalid usernames and valid names which
are allowed to log in via FTP (listed in /etc/ftpusers). This behavior
could be used by an attacker to determine whether certain usernames exist
on the FTP host.

The wu-ftpd server has traditionally used an increasing-period sleep after
each unsuccessful login attempt in an effort to slow password guessers.
Unforunately, with the VR8 changes, this sleep was occuring at a point when
the alarm signal was masked, causing the daemon to freeze permanently.
While the causes of this were researched, the VR versions did not include
this sleep. Most FTP sites limit the number of login attempts (loginfails)
to some small number (typically 3 or 5) so the risk of password guessers
being undetected was judged to be relatively low.

This VR14 update re-institutes the sleep after each failed login attempt.

===========================================================================

The VR updates for WU-FTPD include additional features requested over the
years by the user community and includes a number of bug fixes for both the
base 2.4.2 (beta-18) release and earlier VR updates.

These are available as both patches and pre-patched tarballs at:

ftp://ftp.vr.net/pub/wu-ftpd/

MD5 Package
--- -------
572233edabebba5077b7ad317058192f wu-ftpd-2.4.2-beta-18-vr14.tar.Z
db4403de07667babbadbbd1ae72f0799 wu-ftpd-2.4.2-beta-18-vr14.tar.gz

bcd74875a953676ba9f8de4c315f9712 wu-ftpd-2.4.2-beta-18-vr3.patch
863e294eddfe2c772cd9c541372c7e1d wu-ftpd-2.4.2-beta-18-vr4.patch
8f7d523eff5785a901d8ec9330e7b2a4 wu-ftpd-2.4.2-beta-18-vr5.patch
891ea301ab535e3aa55c5da4c3b3dd37 wu-ftpd-2.4.2-beta-18-vr6.patch
dc1672289c2da25880f7c63f21b37122 wu-ftpd-2.4.2-beta-18-vr7.patch
602b1431727261a4b16340853f6d81c3 wu-ftpd-2.4.2-beta-18-vr8.patch
9eee17b78a3a245dd71476e9426baaa0 wu-ftpd-2.4.2-beta-18-vr9.patch
c85059908d124be5a6a9c8331c5322c0 wu-ftpd-2.4.2-beta-18-vr10.patch
fb9596c5950cee6bad0e0d70fa168ccf wu-ftpd-2.4.2-beta-18-vr11.patch
caaeceacb995768c8f99628fe54af798 wu-ftpd-2.4.2-beta-18-vr12.patch
1ee90ee4ba0df2be01c7b3151584e5d4 wu-ftpd-2.4.2-beta-18-vr13.patch
06a7bb970ae9a0f0223851b28337638f wu-ftpd-2.4.2-beta-18-vr14.patch

If you take just the patch files, please remember: they are cumulative.
you cannot apply fixes from one set without earlier sets already having
been applied. The first set for BETA-18 is VR3; VR1 and VR2 were for
BETA-17 only.

Pre-compiled binaries for VR14 are not yet available. The earlier binaries
will remain available until newer versions are ready. Check the binaries
directory to see if a pre-compiled version is has become available for your
platform since this notice was drafted.

This is a list of fixes to BETA 18 with VR13 applied from [email protected]
---------------------------------------------------------------------------
Bret McDanel <[email protected]> claims to have written and released to the
wild an attack utilizing the old, well-known PASV port race designed into
the FTP protocol. To make it harder for this race to succeed, do not
depend upon the underlying system to randomly choose the PASV port.

Disallow PASV connections from IP addresses different than the control
connection. This is not a complete fix, but it will stop connection theft
where the attacker is on a different machine than the victim-client.

Ian Willis <[email protected]> has discovered still more buffer-overflow points
which can cause problems. This time it's in the writing of the xferlog.
Sigh. This really should be rewritten but his quick fix is good enough.

Back in VR8 I turned off the sleep slowing down password guessers because
there are times when signals can be off when the sleep occurs and that
would hang the daemon. Let's fix that and re-enable the sleep.

Coranth Gryphon <[email protected]> points out the reason debug doesn't
work in daemon-mode is it's initialized too late.

Oliver Billmann <[email protected]> discovered the anti-NOOP code
didn't work. The timer was being restarted too often.

Viljar Tulit <[email protected]> points out the size of a buffer used by
the *_realpath() functions is BUFSIZ and should be MAXPATHLEN. Actually,
this is the case many places in extensions.c so I changed 'em all.

Ian Willis <[email protected]> noted there were points where multiple replies
due to realpath() returning an error could hang the remote client. Removed
the extra replies.

Ian Willis <[email protected]> submitted corrections for SecureWare systems so
the daemon can build on SCO OpenServer 5.

Jordan Ritter <[email protected]> reported a compile error for quotas on
Linux; seems Redhat or someone forgot to #include a file. His patch should
fix that.

Jacques Distler <[email protected]> noted dumb coding mistakes in
realpath.c and provided updates for building on NextStep 3.3 (nx3).

Ayamura Kikuchi <[email protected]> notes that the correction for SCO has
an effect on Digital Unix with C2 (SECUREOSF) and provided a correction.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 15 13:13:35 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA14051;
Mon, 15 Feb 1999 13:13:34 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA10971;
Mon, 15 Feb 1999 13:09:07 -0600 (CST)
Received: from ljcqs016.cnf.com ([205.185.108.239])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA27801
for <[email protected]>; Mon, 15 Feb 1999 13:02:42 -0600 (CST)
Received: from cnfvs008.cnf.com (cnfvs008.cnf.com [10.0.2.114])
by ljcqs016.cnf.com (8.8.7/8.8.7) with ESMTP id LAA26411
for <[email protected]>; Mon, 15 Feb 1999 11:02:09 -0800 (PST)
Received: by cnfvs008.cnf.com with Internet Mail Service (5.5.2232.9)
id <1YGC7GM4>; Mon, 15 Feb 1999 11:02:02 -0800
Message-Id: <[email protected]>
Date: Mon, 15 Feb 1999 11:02:05 -0800
Reply-To: [email protected]
Sender: [email protected]
From: "Speier, Guy J - CNF" <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: permissions
MIME-Version: 1.0
Content-Type: text/plain
X-Mailer: Internet Mail Service (5.5.2232.9)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hello,

Would someone be kind enough to tell me what the permissions and
ownership
should be for all files relating to static ls that I have set up an
my machine.

Also, I'd like to make it impossible to mail-bomb an ftp user, so
what should I
have in .forward? I can't simply pipe it to a file like /dev/null,
can I?

thanks
Guy

From [email protected] Mon Feb 15 13:25:13 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA14268;
Mon, 15 Feb 1999 13:25:11 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA21821;
Mon, 15 Feb 1999 13:21:53 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA30898
for <[email protected]>; Mon, 15 Feb 1999 13:20:42 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id OAA20175;
Mon, 15 Feb 1999 14:20:36 -0500
Message-Id: <[email protected]>
Date: Mon, 15 Feb 1999 14:20:36 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "Speier, Guy J - CNF" <[email protected]>
Cc: WU-FTPD Discussion List <[email protected]>
Subject: Re: permissions
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 15 Feb 1999, Speier, Guy J - CNF wrote:

> Would someone be kind enough to tell me what the permissions and
> ownership should be for all files relating to static ls that I have
> set up an my machine.

~ftp/dev/null and ~ftp/bin/ls are the _minimum_ set (and all I need for
Linux). Some systems need other devices; check the FAQ. If you want names
instead of numbers you need ~ftp/etc/passwd and ~ftp/etc/group. My
example site shows all this, with minimum permissions.

ftp://ftp.vr.net/pub/wu-ftpd/examples/

> Also, I'd like to make it impossible to mail-bomb an ftp user, so what
> should I have in .forward? I can't simply pipe it to a file like
> /dev/null, can I?

Delete the .forward and do it in your sendmail aliases instead. There you
can pipe it to /dev/null if you want, although sending the mail to a real
user is sorta nice since people will try ftp@ and the email given in
ftpaccess if they're having trouble with your site.

--

wu-ftpd Resource Center: http://www.landfield.com/wu-ftpd/
wu-ftpd FAQ: http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html
wu-ftpd list archive: http://www.landfield.com/wu-ftpd/mail-archive/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 15 15:20:45 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA15599;
Mon, 15 Feb 1999 15:20:43 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA08874;
Mon, 15 Feb 1999 15:14:30 -0600 (CST)
Received: from manduca.neurobio.arizona.edu ([email protected] [128.196.108.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA04686
for <[email protected]>; Mon, 15 Feb 1999 15:06:02 -0600 (CST)
Received: from localhost (tyuhas@localhost)
by manduca.neurobio.arizona.edu (8.9.2/8.9.0.Beta5) with SMTP id OAA17869
for <[email protected]>; Mon, 15 Feb 1999 14:11:14 -0700 (MST)
Message-Id: <Pine.SUN.3.96.990215140656.17833A-100000@manduca.neurobio.arizona.edu>
Date: Mon, 15 Feb 1999 14:11:14 -0700 (MST)
Reply-To: [email protected]
Sender: [email protected]
From: Terrill Yuhas <[email protected]>
To: [email protected]
Subject: SunOS 4.1.3_U1 compile problems
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I first tried to compile 2.4.2-beta-18-vr13 but kept getting errors when
compiling ftpd due to a missing library (-liberty). I couldn't find
anything about that library but then vr14 came up so I thought I'd try
that. Now I get:

Making ftpd.
gcc -g -I.. -I../support -L../support -target sun4 -c ftpd.c
ftpd.c: In function `passive':
ftpd.c:5185: `RAND_MAX' undeclared (first use this function)
ftpd.c:5185: (Each undeclared identifier is reported only once
ftpd.c:5185: for each function it appears in.)
*** Error code 1
make: Fatal error: Command failed for target `ftpd.o'

I'm using gcc as a compiler and have tried it on one machine with gcc
2.7.0 and the other with 2.8.1 (both are SunOS 4.1.3_U1). The other
components compile without errors.

Thanks for any suggestions,

Terrill

From [email protected] Mon Feb 15 15:35:36 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA15845;
Mon, 15 Feb 1999 15:35:35 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA05630;
Mon, 15 Feb 1999 15:32:22 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA07933
for <[email protected]>; Mon, 15 Feb 1999 15:31:00 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id QAA21400;
Mon, 15 Feb 1999 16:30:20 -0500
Message-Id: <[email protected]>
Date: Mon, 15 Feb 1999 16:30:19 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Terrill Yuhas <[email protected]>
Cc: [email protected]
Subject: Re: SunOS 4.1.3_U1 compile problems
In-Reply-To: <Pine.SUN.3.96.990215140656.17833A-100000@manduca.neurobio.arizona.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 15 Feb 1999, Terrill Yuhas wrote:

> ftpd.c:5185: `RAND_MAX' undeclared (first use this function)

Some runtimes are more ANSI/ISO compliant than others. :P

Append the following line to src/config/config.<system>

#define RAND_MAX 32767

and hope that's the correct value (or call your OS vendor to find out). I
have a report of this for SunOS 4.1 (s41); anyone else please let me khow
so I can add the fix to VR15.

Also, take a peak in /usr/include/limits.h and let me know if RAND_MAX is
there or not.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 15 16:51:12 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id QAA16686;
Mon, 15 Feb 1999 16:51:11 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA17451;
Mon, 15 Feb 1999 16:46:20 -0600 (CST)
Received: from manduca.neurobio.arizona.edu ([email protected] [128.196.108.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA07018
for <[email protected]>; Mon, 15 Feb 1999 16:37:53 -0600 (CST)
Received: from arakkis (arakkis.neurobio.Arizona.EDU [128.196.108.64])
by manduca.neurobio.arizona.edu (8.9.2/8.9.0.Beta5) with SMTP id PAA19966;
Mon, 15 Feb 1999 15:42:20 -0700 (MST)
Message-Id: <[email protected]>
Date: Mon, 15 Feb 1999 15:37:06 -0700
Reply-To: [email protected]
Sender: [email protected]
From: "Terrill Yuhas" <[email protected]>
To: Gregory A Lundberg <[email protected]>
Cc: [email protected]
Subject: Re: SunOS 4.1.3_U1 compile problems
In-Reply-To: <[email protected]>
References: <Pine.SUN.3.96.990215140656.17833A-100000@manduca.neurobio.arizona.edu>
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
X-mailer: Pegasus Mail for Win32 (v3.01d)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> On Mon, 15 Feb 1999, Terrill Yuhas wrote:
>
> > ftpd.c:5185: `RAND_MAX' undeclared (first use this function)
>
> Some runtimes are more ANSI/ISO compliant than others. :P
>
> Append the following line to src/config/config.<system>
>
> #define RAND_MAX 32767
>
> and hope that's the correct value (or call your OS vendor to find out). I
> have a report of this for SunOS 4.1 (s41); anyone else please let me khow
> so I can add the fix to VR15.

After I appended that line, it compiles/runs fine.

> Also, take a peak in /usr/include/limits.h and let me know if RAND_MAX is
> there or not.

Couldn't find the RAND_MAX statement.

Terrill

From [email protected] Mon Feb 15 17:25:07 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id RAA17050;
Mon, 15 Feb 1999 17:25:06 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id RAA31931;
Mon, 15 Feb 1999 17:21:49 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id RAA30541
for <[email protected]>; Mon, 15 Feb 1999 17:16:58 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id SAA22384;
Mon, 15 Feb 1999 18:16:30 -0500
Message-Id: <[email protected]>
Date: Mon, 15 Feb 1999 18:16:30 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Terrill Yuhas <[email protected]>
Cc: [email protected]
Subject: Re: SunOS 4.1.3_U1 compile problems
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 15 Feb 1999, Terrill Yuhas wrote:

> > #define RAND_MAX 32767
> >
> > and hope that's the correct value (or call your OS vendor to find out). I
> > have a report of this for SunOS 4.1 (s41); anyone else please let me khow
> > so I can add the fix to VR15.
>
> After I appended that line, it compiles/runs fine.
>
> > Also, take a peak in /usr/include/limits.h and let me know if RAND_MAX is
> > there or not.
>
> Couldn't find the RAND_MAX statement.

Drat. The peril of 'guessing' the value like this is it it's too small
the PASV port randomizer can overrun the array of valid ports assinging
invalid port numbers. If it's too large the randomizer will not use all
the available ports.

I like the gcc posting a while ago which indicates the problem is cleanly
solvable.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 15 17:39:09 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id RAA17192;
Mon, 15 Feb 1999 17:39:08 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id RAA04026;
Mon, 15 Feb 1999 17:34:44 -0600 (CST)
Received: from molbio.unmc.edu (molbio.unmc.edu [137.197.214.37])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id RAA24713
for <[email protected]>; Mon, 15 Feb 1999 17:29:14 -0600 (CST)
Received: from windsurf2 by molbio.unmc.edu (SMI-8.6/SMI-SVR4)
id RAA12122; Mon, 15 Feb 1999 17:33:29 -0600
Message-Id: <[email protected]>
Date: Mon, 15 Feb 1999 17:29:28 -0600
Reply-To: [email protected]
Sender: [email protected]
From: Chad Price <[email protected]>
To: [email protected]
Subject: Re: SunOS 4.1.3_U1 compile problems
In-Reply-To: <[email protected]>
References: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

At 04:30 PM 2/15/1999 -0500, you wrote:

>#define RAND_MAX 32767
>
>and hope that's the correct value (or call your OS vendor to find out). I
>have a report of this for SunOS 4.1 (s41); anyone else please let me khow
>so I can add the fix to VR15.
>
>Also, take a peak in /usr/include/limits.h and let me know if RAND_MAX is
>there or not.

It's not there under Solaris 2.4, but it compiles fine under gcc 2.8.1

/build sol CC=gcc

does the trick.

Chad

Chad Price
Systems Manager
University of Nebraska Medical Center
600 S 42nd St
Omaha, NE 68506-6495
[email protected]
(402) 559-9527
(402) 559-4077 (FAX)

From [email protected] Mon Feb 15 19:29:14 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id TAA20354;
Mon, 15 Feb 1999 19:29:13 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id TAA08705;
Mon, 15 Feb 1999 19:24:43 -0600 (CST)
Received: from aventurine.sge.net (aventurine.sge.net [152.91.14.25])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id TAA17189
for <[email protected]>; Mon, 15 Feb 1999 19:17:55 -0600 (CST)
Received: from titanium.sge.net ([email protected] [152.91.9.2])
by aventurine.sge.net (8.9.3/8.9.3) with ESMTP id MAA07442
for <[email protected]>; Tue, 16 Feb 1999 12:17:36 +1100 (EST)
Received: (from uucp@localhost)
by titanium.sge.net (8.8.5/8.8.5) id MAA07060
for <[email protected]>; Tue, 16 Feb 1999 12:17:35 +1100 (EST)
Received: from kryptonite.sge.net(10.1.2.11) by titanium.sge.net via smap (3.2)
id xma006853; Tue, 16 Feb 99 12:17:09 +1100
Received: from amber. (ice-int2.sge.net [10.1.2.254])
by kryptonite.sge.net (8.9.3/8.9.3) with SMTP id MAA06947
for <[email protected]>; Tue, 16 Feb 1999 12:17:09 +1100 (EST)
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 12:16:14 +1100
Reply-To: [email protected]
Sender: [email protected]
From: James McMahon <[email protected]>
To: [email protected]
Subject: A question about the ftphosts file
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.06 [en] (WinNT; I)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I have just upgraded from wu-ftpd beta 18 to wu-ftpd beta 18 VR13 and
have noticed the following problem with matching entries in the ftphosts
file.

My allow vhannan ftphosts file has the following entry:
allow vhannan 203.37.26.* 203.23.182.* 203.37.27.*

When the above user logs in, the following message is logged to
/var/adm/syslog:

Feb 16 10:56:12 amethyst.sge.net ftpd[27525]: FTP LOGIN REFUSED
(name in /opt/local/etc/ftphosts) FROM isp265.unl.can.dynamite.com.au
[203.37.27.25], vhannan

When I comment out the users entry in the hosts file, the user can log
in fine (as is to be expected after looking at the source hostacc.c)

It is my understanding that IP's of the above form should be correctly
expanded, but I guess that I could reformulate the ftphosts entry into
IP:Netmask or CIDR notation for it to work correctly.

I was wondering if anyone could shed any light on why this login is
refused?

Thanks,

James McMahon
SGE

From [email protected] Mon Feb 15 21:13:11 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id VAA27298;
Mon, 15 Feb 1999 21:13:10 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id VAA06384;
Mon, 15 Feb 1999 21:08:42 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id VAA16443
for <[email protected]>; Mon, 15 Feb 1999 21:06:53 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id WAA24497;
Mon, 15 Feb 1999 22:06:39 -0500
Message-Id: <[email protected]>
Date: Mon, 15 Feb 1999 22:06:38 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: James McMahon <[email protected]>
Cc: [email protected]
Subject: Re: A question about the ftphosts file
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 16 Feb 1999, James McMahon wrote:

> I have just upgraded from wu-ftpd beta 18 to wu-ftpd beta 18 VR13 and
> have noticed the following problem with matching entries in the
> ftphosts file.
>
> My allow vhannan ftphosts file has the following entry:
> allow vhannan 203.37.26.* 203.23.182.* 203.37.27.*

This is another example of the unsafe code in the older versions of the
daemon. Consider the host

203.37.26.attacker.sample.net

If you switch back to an older version you will find access for user
vhannan will be allowed from the attacker.sample.net site.

> It is my understanding that IP's of the above form should be correctly
> expanded, but I guess that I could reformulate the ftphosts entry into
> IP:Netmask or CIDR notation for it to work correctly.

I have a patch which will be in VR15 (for release on the 1st) which will
re-enable the notational form you're using. Although I strongly encourage
all administrators to use CIDR notation instead, I can make the patch
available on a by-request basis.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 15 21:44:04 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id VAA00150;
Mon, 15 Feb 1999 21:44:03 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id VAA31522;
Mon, 15 Feb 1999 21:40:56 -0600 (CST)
Received: from mail.dcoisp.net ([216.38.137.230])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id VAA10761
for <[email protected]>; Mon, 15 Feb 1999 21:38:47 -0600 (CST)
Received: (qmail 5746 invoked from network); 15 Feb 1999 20:52:35 -0000
Received: from unknown (HELO monster.dcoisp.net) (216.38.137.226)
by bbs.dcoisp.net with SMTP; 15 Feb 1999 20:52:35 -0000
Message-Id: <[email protected]>
Date: Sun, 14 Feb 1999 19:31:40 +0000
Reply-To: [email protected]
Sender: [email protected]
From: "Jeremy D. Hartley" <[email protected]>
To: [email protected]
Subject: slow ftp logins.
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Greetings everyone.
I think I just need to be pointed in the right direction, as it is, I don't
know where to ever start.
I just got a few e-mails from a client saying that it takes about 45
seconds for his ftp client to connect to his server.
I am running version wu-2.4.2 Beta 17.
I tryed it out, and this is indeed the case.
The ftp client connects to the ftp port almost instantly, however, it takes
almost 45 seconds for the server to return the welcome and login screen.
This is constant.
For a test, I tryed connecting to another machine, running the same version
of the server software.
It connected instantly with no delays.
Like I said, I don't even know where to start.
I looked at FAQ first, but didn't find any question that seemed to be
related to my problem.
I am not afraid to do research, but if someone could point me in the right
direction, or give me some information, I would appreciate it.
I am using FreeBSD 2.2.5 if that helps any.
Thank you very much.
Jeremy

From [email protected] Mon Feb 15 21:52:01 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id VAA00706;
Mon, 15 Feb 1999 21:52:00 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id VAA18799;
Mon, 15 Feb 1999 21:47:29 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id VAA17974
for <[email protected]>; Mon, 15 Feb 1999 21:44:30 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id WAA24830;
Mon, 15 Feb 1999 22:44:25 -0500
Message-Id: <[email protected]>
Date: Mon, 15 Feb 1999 22:44:25 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "Jeremy D. Hartley" <[email protected]>
Cc: [email protected]
Subject: Re: slow ftp logins.
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Sun, 14 Feb 1999, Jeremy D. Hartley wrote:

> I think I just need to be pointed in the right direction, as it is, I don't
> know where to ever start.

Start with the AUTH protocol.

> It connected instantly with no delays.

It was on a machine running AUTH (identd or in.identd or something
similar).

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 16 01:30:19 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id BAA10385;
Tue, 16 Feb 1999 01:30:19 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id BAA32350;
Tue, 16 Feb 1999 01:25:37 -0600 (CST)
Received: from bw86zhb.bluewin.ch (bw86zhb.bluewin.ch [195.186.1.76])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id BAA17856
for <[email protected]>; Tue, 16 Feb 1999 01:22:44 -0600 (CST)
Received: from bwfw1.bluewin.ch ([195.186.1.60]) by bw86zhb.bluewin.ch (
with SMTP id AAA3123 for <[email protected]>;
Tue, 16 Feb 1999 08:22:35 +0100
Received: from bwfw3.bluewin.ch by bwfw1.bluewin.ch
via smtpd (for [195.186.1.76]) with SMTP; 16 Feb 1999 07:22:39 UT
Received: from [172.22.116.244] by bwfw3.bluewin.ch
via smtpd (for mail2.bluewin.ch [195.186.1.76]) with SMTP; 16 Feb 1999 07:22:38 UT
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 08:22:39 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Philippe Oesch <[email protected]>
To: "[email protected]" <[email protected]>
Subject: permissions (faq-esque)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.5 [en] (WinNT; U)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Salut to everyone,

aargggh, it must be a faq, but after having checked everything (?), i
still don't know... here's my story:

i just upgraded to beta 18-18, an rpm build from suse-linux (germany)
dated 10.02.1999 that is. now it hasn't been possible to login even as
authorized user!

/etc/shells, /etc/ftpaccess, /etc/passwd look fine to me. There wasn't
that much to change, was there anyways? has anyone noticed problems with
the mentioned rpm, too?

besides: what's the exact function, layout of the ~ftp/etc/passwd file
(in contrast to /etc/passwd)? how about differences on a shadow
passworded system?

cheers & thanks, Philippe
--
Philippe Oesch, Dipl. Ing. ETH
PGP Key ID: 0x6F293ADC

From [email protected] Tue Feb 16 04:29:41 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id EAA11588;
Tue, 16 Feb 1999 04:29:41 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id EAA08279;
Tue, 16 Feb 1999 04:25:18 -0600 (CST)
Received: from snoopy.nic.fiducia.de (snoopy.nic.fiducia.de [195.200.32.17])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id EAA00334
for <[email protected]>; Tue, 16 Feb 1999 04:23:42 -0600 (CST)
Received: from smtp.fiducia.de ([195.200.32.4]) by snoopy.nic.fiducia.de
(Netscape Messaging Server 3.5) with SMTP id 100
for <[email protected]>; Tue, 16 Feb 1999 11:26:27 +0100
Received: from orga.de ([10.2.60.138]) by smtp.fiducia.de (Lotus SMTP MTA Internal build v4.6.2 (651.2 6-10-1998)) with SMTP id 41256719.005F3A3B; Mon, 15 Feb 1999 18:20:08 +0100
Message-Id: <[email protected]>
Date: Mon, 15 Feb 1999 18:21:32 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Edgar Ringelspacher <[email protected]>
To: [email protected]
Subject: beta18 with ssl Patch unter SOLARIS ?
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.5 [de] (WinNT; I)
X-Accept-Language: de
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hallo,
has anybody WU-FTP Beta 18 (with Eugene Crossers SSL Patch included)
compiled under SOLARIS 2.4 or 2.5 ?

Regards
Edgar Ringelspacher

From [email protected] Tue Feb 16 06:39:42 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA12857;
Tue, 16 Feb 1999 06:39:41 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id GAA15623;
Tue, 16 Feb 1999 06:35:12 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id GAA03937
for <[email protected]>; Tue, 16 Feb 1999 06:31:26 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id HAA29323;
Tue, 16 Feb 1999 07:30:49 -0500
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 07:30:48 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Terrill Yuhas <[email protected]>
Cc: [email protected]
Subject: Re: SunOS 4.1.3_U1 compile problems
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 15 Feb 1999, Gregory A Lundberg wrote:

> > > #define RAND_MAX 32767
> > >
> > > and hope that's the correct value (or call your OS vendor to find out). I
> > > have a report of this for SunOS 4.1 (s41); anyone else please let me khow
> > > so I can add the fix to VR15.
> >
> > After I appended that line, it compiles/runs fine.
> >
> > > Also, take a peak in /usr/include/limits.h and let me know if RAND_MAX is
> > > there or not.
> >
> > Couldn't find the RAND_MAX statement.
>
> Drat. The peril of 'guessing' the value like this is it it's too small
> the PASV port randomizer can overrun the array of valid ports assinging
> invalid port numbers. If it's too large the randomizer will not use all
> the available ports.
>
> I like the gcc posting a while ago which indicates the problem is cleanly
> solvable.

So after this email my friend who does SunOS testing for me goes "oops"
and sends the following:

> It's my mistake...
>
> /* SunOS4 */
> #define RAND_MAX 2147483647
>

The fact that gcc didn't have a problem means someone somewhere has put
the value in an include file. If someone could find that file on SunOS
I'd be very appreciative.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 16 06:51:35 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA12947;
Tue, 16 Feb 1999 06:51:34 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id GAA28497;
Tue, 16 Feb 1999 06:47:57 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id GAA21762
for <[email protected]>; Tue, 16 Feb 1999 06:43:01 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id HAA29406;
Tue, 16 Feb 1999 07:42:21 -0500
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 07:42:21 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: [email protected]
Cc: "[email protected]" <[email protected]>
Subject: Re: permissions (faq-esque)
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 16 Feb 1999, Philippe Oesch wrote:

> i just upgraded to beta 18-18, an rpm build from suse-linux (germany)
> dated 10.02.1999 that is. now it hasn't been possible to login even as
> authorized user!

Koos, here's the FAQ:

Q: I just upgraded and now nobody can log in. It worked before.

A: Did you look in the system log? The daemon will log the reason for the
failure there. It helps a *LOT* to know why.

So, sight unseen, I'll guess you're upgrading to the VR version and, if
you'd look, the syslog says 'not in any class'.

That means you're using the old, unsafe wildcards on your class
statements such as the following:

class lcl real,guest,anonymous 127.*.*.*

Which didn't really do what you though it did because an attacker from
127.attacker.example.net would be miss-classes as 'lcl'.

The VR update currently does not support this notation. Use netmask or
CIDR instead, as in either of the following:

class lcl real,guest,anonymous 127.0.0.0/8

or

class lcl real,guest,anonymous 127.0.0.0:255.0.0.0

The VR15 update will include support for the old wildcards as they were
most commonly used (as in the example above), but without the errors
which allowed matching unintended hosts.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 16 07:31:30 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id HAA13144;
Tue, 16 Feb 1999 07:31:29 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id HAA00677;
Tue, 16 Feb 1999 07:27:06 -0600 (CST)
Received: from tomsk.ultramedia.co.uk ([212.250.216.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id HAA20231
for <[email protected]>; Tue, 16 Feb 1999 07:26:40 -0600 (CST)
Received: from tomsk.ultramedia.co.uk (tomsk.ultramedia.co.uk [212.250.216.2])
by tomsk.ultramedia.co.uk (8.9.0/8.9.0) with SMTP id NAA28344
for <[email protected]>; Tue, 16 Feb 1999 13:24:50 GMT
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 13:24:50 +0000 (GMT)
Reply-To: Chris Shaw <[email protected]>
Sender: [email protected]
From: Chris Shaw <[email protected]>
To: [email protected]
Subject: easy Q?
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: csENASoDhlzglnXZ+u7EGQ==
X-Mailer: dtmail 1.3.0 CDE Version 1.3 SunOS 5.7 sun4m sparc
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi,

I've set up wu-ftp and followed the instructions to set up a guest account.

I have an anonymous account which works fine...when I do 'pwd' it tells me I'm
at root when I'm really in /export/ftp, and prevents me moving outside of this
area

but in my guest account I can cd.. right through my filesystem!

I'm sure this must be an obvious error..but according to the pages I followed
(if I am understanding this right) - the home directory path (as below) should
prevent this?????

root:x:0:0::/:/etc/ftponly
myguest:x:1013:400::/export/htdocs/myguest/./:/etc/ftponly

..my anonymous passwd file (which works) is below...

root:x:0:1::/:/etc/ftponly
ftp:x:30000:60001:Anonymous FTP:/export/ftp/./:/etc/ftponly

Many TIA

Chris
-=-=-

From [email protected] Tue Feb 16 09:15:36 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA14074;
Tue, 16 Feb 1999 09:15:35 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA25750;
Tue, 16 Feb 1999 09:11:12 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA19395
for <[email protected]>; Tue, 16 Feb 1999 09:09:45 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id KAA30862;
Tue, 16 Feb 1999 10:09:38 -0500
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 10:09:38 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Chris Shaw <[email protected]>
Cc: [email protected]
Subject: Re: easy Q?
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 16 Feb 1999, Chris Shaw wrote:

> myguest:x:1013:400::/export/htdocs/myguest/./:/etc/ftponly

Create a new group in the real /etc/group

ftpgroup:*:96:myguest

the groupname 'ftpgroup' is an exampole, change it if you wan the number
'96' is an example, you will almost certainly want to change IT.

notice 'myguest' is listed EXPLICITLY as a member of this group

Now add the following line to your /etc/ftpaccess file:

guestgroup ftpgroup

ta da!

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 16 09:34:03 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA14251;
Tue, 16 Feb 1999 09:34:03 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA10658;
Tue, 16 Feb 1999 09:30:51 -0600 (CST)
Received: from tomsk.ultramedia.co.uk ([212.250.216.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA26479
for <[email protected]>; Tue, 16 Feb 1999 09:29:36 -0600 (CST)
Received: from tomsk.ultramedia.co.uk (tomsk.ultramedia.co.uk [212.250.216.2])
by tomsk.ultramedia.co.uk (8.9.0/8.9.0) with SMTP id PAA29741
for <[email protected]>; Tue, 16 Feb 1999 15:27:40 GMT
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 15:27:40 +0000 (GMT)
Reply-To: Chris Shaw <[email protected]>
Sender: [email protected]
From: Chris Shaw <[email protected]>
To: [email protected]
Subject: Re: easy Q?
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: +mEHmSrdSuZjQj+H57VEXA==
X-Mailer: dtmail 1.3.0 CDE Version 1.3 SunOS 5.7 sun4m sparc
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> > myguest:x:1013:400::/export/htdocs/myguest/./:/etc/ftponly
>
> Create a new group in the real /etc/group
>
> ftpgroup:*:96:myguest
>
> the groupname 'ftpgroup' is an exampole, change it if you wan the number
> '96' is an example, you will almost certainly want to change IT.
>
> notice 'myguest' is listed EXPLICITLY as a member of this group
>
> Now add the following line to your /etc/ftpaccess file:
>
> guestgroup ftpgroup
>
> ta da!

Thanks for the quick reply...

Both my /etc/group and my "guest's" etc/group file contain the following:

ftpgroup::400:myguest

.and /etc/ftpaccess contains

guestgroup ftpgroup

but I still have the same problem as before

Is there something else?

TIA

Chris
-=-=-

From [email protected] Tue Feb 16 09:41:40 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA14350;
Tue, 16 Feb 1999 09:41:39 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA17985;
Tue, 16 Feb 1999 09:37:10 -0600 (CST)
Received: from ramses.lu.se (ramses.lu.se [130.235.132.90])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA29375
for <[email protected]>; Tue, 16 Feb 1999 09:36:20 -0600 (CST)
Received: from lu-dal2.dal.lu.se (lu-dal2.dal.lu.se [130.235.143.210] (may be forged))
by ramses.lu.se (8.9.0/8.9.0) with ESMTP id QAA11166
for <[email protected]>; Tue, 16 Feb 1999 16:37:09 +0100 (MET)
Received: from LU-DAL2/SpoolDir by lu-dal2.dal.lu.se (Mercury 1.43);
16 Feb 99 17:29:41 +0100
Received: from SpoolDir by LU-DAL2 (Mercury 1.43); 16 Feb 99 17:29:25 +0100
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 17:29:21 GMT+200
Reply-To: [email protected]
Sender: [email protected]
From: "Stig Isaksson" <[email protected]>
To: [email protected]
Subject: Re: Erratic listing (SOLVED)
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
X-pmrqc: 1
X-mailer: Pegasus Mail for Windows (v2.33)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi all,

A couple of days ago I wrote to this list about my hardships in
relation to ftp client listings of directories with 8-bit characters
in the file names. It's solved now, principally thanks to advice from
Gregory L. and Wally W. Since I believe the solution could be of
common interest at least to people who run wu-ftpd on Solaris systems
I will summarize it briefly here:

Copy the directory structure /locale/C/ from /usr/bin to ~usr/bin.
When the ls command encounters file names with highbit characters in
them it calls loadtab which tries to open the file
~/usr/lib/locale/C/LC_CTYPE/ctype which consequently must be present
in the chrooted area. If it isn't, the listing gets terribly
corrupted on the client.

Just now Greg tells me this is in the FAQ after all. It must be sort
of hidden though, for I perused the FAQ before, and now I made some
searches there again (keywords: LC_CTYPE, ctype, 8-bit, highbit,
listing, usr/lib, Solaris etc.) and studied the Solaris chapter
closely, but was unable find it. Hm.

Anyway, I sincerely hope this message might save some of you from the
frustration I went through on my way to enlightenment.

Greetings from Lund, Sweden,
Stig
------------------------------------------------------------
Stig Isaksson
Dialekt- och ortnamnsarkivet
Helgonabacken 14
S-223 62 LUND
S W E D E N
tel.: +46 46 222 74 68 fax: +46 46 15 23 81
e-mail: [email protected]
http://www.dal.lu.se/

<Forstaor MIME Understands MIME>
------------------------------------------------------------

From [email protected] Tue Feb 16 09:53:15 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA14520;
Tue, 16 Feb 1999 09:53:14 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA22159;
Tue, 16 Feb 1999 09:49:58 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA26821
for <[email protected]>; Tue, 16 Feb 1999 09:48:41 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id KAA31366;
Tue, 16 Feb 1999 10:48:29 -0500
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 10:48:29 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Stig Isaksson <[email protected]>
Cc: [email protected]
Subject: Re: Erratic listing (SOLVED)
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 16 Feb 1999, Stig Isaksson wrote:

> Just now Greg tells me this is in the FAQ after all. It must be sort
> of hidden though, for I perused the FAQ before, and now I made some
> searches there again (keywords: LC_CTYPE, ctype, 8-bit, highbit,
> listing, usr/lib, Solaris etc.) and studied the Solaris chapter
> closely, but was unable find it. Hm.

The oft-overlooked Swiss Army knife of debugging problems with 'ls' and
the other ~ftp/bin programs:

-- from the FAQ http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html

10. Programs (ls, gzip, tar) work for real users, not for anonymous users,
giving errors like 425 Can't create data socket (0.0.0.0,20): Bad file
number or simply no output.

First, consider if you can't relink them staticly so the shared libraries
aren't needed. You can get the GNU fileutils from :
<URL:ftp://prep.ai.mit.edu/pub/gnu/fileutils-3.16.tar.gz> (version numbers
may vary).

For different operating systems, different libraries and/or devices are
needed. You can test if things are running correctly by doing a chroot to
the ftp homedir. To test if /bin/ls is working in the ~ftp dir, type :

chroot ~ftp /bin/ls

Or, the partition is mounted -nosuid which gives the same error under
SunOS or Solaris, more information on the page
<URL:http://www.stokely.com/stokely/sunservice.tips/11991.html>

--

what's new here, and not suprising when you think about it, is that
localization files will be needed to handle some character sets.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 16 10:01:10 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA14641;
Tue, 16 Feb 1999 10:01:09 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA09911;
Tue, 16 Feb 1999 09:56:40 -0600 (CST)
Received: from snoopy.nic.fiducia.de (snoopy.nic.fiducia.de [195.200.32.17])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA22677
for <[email protected]>; Tue, 16 Feb 1999 09:50:08 -0600 (CST)
Received: from smtp.fiducia.de ([195.200.32.4]) by snoopy.nic.fiducia.de
(Netscape Messaging Server 3.5) with SMTP id 298
for <[email protected]>; Tue, 16 Feb 1999 16:53:10 +0100
Received: from orga.de ([10.2.60.138]) by smtp.fiducia.de (Lotus SMTP MTA Internal build v4.6.2 (651.2 6-10-1998)) with SMTP id 4125671A.0056D8AC; Tue, 16 Feb 1999 16:48:35 +0100
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 16:50:39 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Edgar Ringelspacher <[email protected]>
To: [email protected]
Subject: Re: easy Q?
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.5 [de] (WinNT; I)
X-Accept-Language: de
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

>> > myguest:x:1013:400::/export/htdocs/myguest/./:/etc/ftponly
>> Create a new group in the real /etc/group
>> ftpgroup:*:96:myguest
>> '96' is an example, you will almost certainly want to change IT.
>> notice 'myguest' is listed EXPLICITLY as a member of this group
>> Now add the following line to your /etc/ftpaccess file:
>> guestgroup ftpgroup
>> ta da!
>
>Thanks for the quick reply...
>Both my /etc/group and my "guest's" etc/group file contain the
following:
>ftpgroup::400:myguest
>..and /etc/ftpaccess contains
> guestgroup ftpgroup
>but I still have the same problem as before

.i have the same problem with Beta 18
It works only with an older release

From [email protected] Tue Feb 16 10:54:01 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA15254;
Tue, 16 Feb 1999 10:54:00 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA23314;
Tue, 16 Feb 1999 10:49:06 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA16008
for <[email protected]>; Tue, 16 Feb 1999 10:47:22 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id LAA32356;
Tue, 16 Feb 1999 11:47:17 -0500
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 11:47:16 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: About the doc/examples/ftpaccess* files
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I think you'll all understand that I get a LOT of snippets from ftpaccess
files and I see a common problem.

When you use an example you're supposed to change it to fit your site.

In the past 24 hours, I've had no less than 6 people send me ftpaccess
files with the following line in them:

class local real,guest,anonymous *.domain 0.0.0.0

Here's what I'm doing for VR15, for as much good as it'll do, to try to
convince people to change this line:

Index: doc/examples/ftpaccess.heavy
===================================================================
RCS file: /cvsroot/wu-ftpd/doc/examples/ftpaccess.heavy,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 ftpaccess.heavy
*** doc/examples/ftpaccess.heavy 1998/11/06 22:38:12 1.1.1.1
--- doc/examples/ftpaccess.heavy 1999/02/16 16:38:46
***************
*** 1,5 ****
--- 1,7 ----
loginfails 2

+ # HEY YOU! Yeah, you with the editor.
+ # change the following line, or delete it, OK?
class local real,guest,anonymous *.domain 0.0.0.0
class remote real,guest,anonymous *

If y'all don't CHANGE IT, some smart script kiddie will figure out how to
do a one-sided attack claiming a source IP address of 0.0.0.0 and you'll
NEVER figure out where it came from.

So, let's all type 'vi /etc/ftpaccess' right now, OK?

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 16 11:18:51 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA15512;
Tue, 16 Feb 1999 11:18:50 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA26940;
Tue, 16 Feb 1999 11:15:25 -0600 (CST)
Received: from www.aachen.linux.de ([email protected] [198.22.51.242])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA05869
for <[email protected]>; Tue, 16 Feb 1999 11:12:06 -0600 (CST)
Received: from microsoft.sucks.eu.org (ppp-092.in-trier.de [198.22.51.92])
by www.aachen.linux.de (Postfix) with SMTP
id 7EDF7D06B; Tue, 16 Feb 1999 19:23:19 +0100 (CET)
Message-Id: <Pine.LNX.4.10.9902161556490.28027-100000@k6.microsoft.sucks.eu.org>
Date: Tue, 16 Feb 1999 15:57:11 +0100 (CET)
Reply-To: [email protected]
Sender: [email protected]
From: Bernhard Rosenkraenzer <[email protected]>
To: The Hermit Hacker <[email protected]>
Cc: [email protected]
Subject: Re: BeroFTPD 1.3.3 under Solaris 2.5 ...
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 8 Feb 1999, The Hermit Hacker wrote:

> If you do a configure --enable-pam, the configure 'check' is broken. The
> following patch fixes it...just got 'test' in the wrong place...

Works both ways on most systems...
Will be fixed in 1.3.4.

LLaP
bero

--
Windows 98 supports real multitasking - it can boot and crash simultaneously.
***
Anyone sending unwanted advertising e-mail to this address will be charged
$25 for network traffic and computing time. By extracting my address from
this message or its header, you agree to these terms.

From [email protected] Tue Feb 16 11:39:26 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA15777;
Tue, 16 Feb 1999 11:39:25 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA00066;
Tue, 16 Feb 1999 11:34:38 -0600 (CST)
Received: from fatcat.inven.com (fatcat.inven.com [204.142.49.130])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA24977
for <[email protected]>; Tue, 16 Feb 1999 11:30:45 -0600 (CST)
Received: from mailnyc [195.1.2.68]
by fatcat.inven.com with esmtp (Exim 1.71 #1)
id 10CoLR-0000SC-00; Tue, 16 Feb 1999 12:31:37 -0500
Received: by mailnyc with smtp (Exim 2.10)
id 10CoMo-0004Ez-00; Tue, 16 Feb 1999 12:33:02 -0500
Message-Id: <4.1.19990216122109.00b58480@mailnyc>
Date: Tue, 16 Feb 1999 12:28:17 -0500
Reply-To: [email protected]
Sender: [email protected]
From: John-Paul Pagano <[email protected]>
To: [email protected]
Subject: Web Browser FTP Problems
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: jpagano@mailnyc
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi,

I am noticing really odd behavior on the part of Netscape and Internet
Explorer 4.0. Neither browser seems able to reliably interact with my
wu-ftpd server, version 2.4.2.

Netscape works half the time using the following syntax

ftp://user:[email protected]

whereas Internet Explorer (surprise) fails 100% of the time using that same
syntax. I am unable to figure out why Netscape works and Internet Explorer
doesn't. I have narrowed Netscape's 50% choke rate down to there being a #
character in the password I assigned to a particular FTP user, which the
browser doesn't seem to like in version 4.07, but accepts, paradoxically,
in version 4.04.

What is up with this? I need to fix this because I am supporting FTP
clients who are working with limited installations, and often don't have
access to command-line ftp programs that will work through their firewalls
(i.e., NT 4.0 standard ftp + SOCKS, etc.) Is there a wu-ftpd configuration
option that will increase web browser usability?

Thanks.

--
John-Paul Pagano
Unix Systems Administrator
Voice: (212) 208-0828
Fax: (212) 825-1040

From [email protected] Tue Feb 16 11:58:01 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA15987;
Tue, 16 Feb 1999 11:58:00 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA13242;
Tue, 16 Feb 1999 11:54:25 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA04213
for <[email protected]>; Tue, 16 Feb 1999 11:47:42 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id MAA00216;
Tue, 16 Feb 1999 12:47:19 -0500
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 12:47:19 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: John-Paul Pagano <[email protected]>
Cc: [email protected]
Subject: Re: Web Browser FTP Problems
In-Reply-To: <4.1.19990216122109.00b58480@mailnyc>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 16 Feb 1999, John-Paul Pagano wrote:

> I am noticing really odd behavior on the part of Netscape and Internet
> Explorer 4.0. Neither browser seems able to reliably interact with my
> wu-ftpd server, version 2.4.2.
>
> Netscape works half the time using the following syntax
>
> ftp://user:[email protected]
>
> whereas Internet Explorer (surprise) fails 100% of the time using that
> same syntax. I am unable to figure out why Netscape works and
> Internet Explorer doesn't. I have narrowed Netscape's 50% choke rate
> down to there being a # character in the password I assigned to a
> particular FTP user, which the browser doesn't seem to like in version
> 4.07, but accepts, paradoxically, in version 4.04.
>
> What is up with this? I need to fix this because I am supporting FTP
> clients who are working with limited installations, and often don't
> have access to command-line ftp programs that will work through their
> firewalls (i.e., NT 4.0 standard ftp + SOCKS, etc.) Is there a
> wu-ftpd configuration option that will increase web browser usability?

Sure. Send 'em to http://www.ipswitch.com/Products/WS_FTP/index.html
or, if they don't wanna pay money, send 'em to http://www.nonags.com/ and
tell 'em to get an FTP client.

Seriously, it's a client problem and there's nothing the server can do to
fix it. None of my ccustomers have complained about Netscape, but IE is
well-known to be broken.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 16 12:11:10 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA16149;
Tue, 16 Feb 1999 12:11:08 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA04672;
Tue, 16 Feb 1999 12:07:35 -0600 (CST)
Received: from biff.stud.ntnu.no (biff.stud.ntnu.no [129.241.56.18])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA09252
for <[email protected]>; Tue, 16 Feb 1999 12:03:42 -0600 (CST)
Received: (from joge@localhost)
by biff.stud.ntnu.no (8.9.1/8.9.1) id TAA20849
for [email protected]; Tue, 16 Feb 1999 19:03:39 +0100 (MET)
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 19:03:39 +0100 (MET)
Reply-To: [email protected]
Sender: [email protected]
From: Geir Johannessen <[email protected]>
To: [email protected]
Subject: -X not working
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Url: http://www.stud.ntnu.no/~joge/
X-Mailer: ELM [version 2.4ME+ PL50 (25)]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi

I am running beta18-VR13 on a Solaris 2.5.1 machine. Earlier I used beta18
with some hacks in ftpd.c to have it log file transfers to syslog instead
of the xferlog file. Now I see there is a -X option that is supposed to
handle it. I start ftpd by this line:

ftpd -l -t300 -T600 -a -i -o -X -u077

But nothing is logged to syslog before I add the line 'log syslog' to
ftpaccess. So the -X options had better be checked out a bit...

Another thing while I am at it:

How can I download many files and get them tarred and gzipped on the fly.
Right now I can download filename and have it gzipped, tarred or both. But
I cannot choose many files with wildcards, i.e. 'get pat*.tar.gz' to get
all files starting with 'pat'. Any way to do this?

--
Geir Johannessen # [email protected]
E B Schieldropsvei 35-25 # http://www.stud.ntnu.no/~joge/
N-7033 TRONDHEIM, NORWAY # Tlf private +47-73888989, job +47-73598048
"If it wern't for the last minute, nothing would ever get done."

From [email protected] Tue Feb 16 12:24:03 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA16304;
Tue, 16 Feb 1999 12:24:02 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA14570;
Tue, 16 Feb 1999 12:20:33 -0600 (CST)
Received: from jester.ti.com (jester.ti.com [192.94.94.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA27777
for <[email protected]>; Tue, 16 Feb 1999 12:14:22 -0600 (CST)
Received: from spanky.dal.asp.ti.com ([172.24.154.20]) by jester.ti.com (8.8.8) with ESMTP id MAA09668 for <[email protected]>; Tue, 16 Feb 1999 12:11:48 -0600 (CST)
Received: from pavis.asic.sc.ti.com (pavis.asic.sc.ti.com [128.247.100.46])
by spanky.dal.asp.ti.com (8.8.8+Sun/8.8.8/FL-ASP-1.8) with SMTP id MAA18620
for <[email protected]>; Tue, 16 Feb 1999 12:13:50 -0600 (CST)
Received: by pavis.asic.sc.ti.com id <[email protected]>; Tue, 16 Feb 99 12:13:50 -0600
Message-Id: <[email protected]>
Date: Tue, 16 Feb 99 12:13:50 CST
Reply-To: [email protected] (Bob Luckin)
Sender: [email protected]
From: Bob Luckin <[email protected]>
To: [email protected]
Subject: Re: Web Browser FTP Problems
In-Reply-To: <4.1.19990216122109.00b58480@mailnyc>; from "John-Paul Pagano" at Feb 16, 99 12:28 (noon)
X-Mimi-Options: HEADERS TI2
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

John-Paul said :-
> I am noticing really odd behavior on the part of Netscape and Internet
> Explorer 4.0. Neither browser seems able to reliably interact with my
> wu-ftpd server, version 2.4.2.
>
> Netscape works half the time using the following syntax
>
> ftp://user:[email protected]
>
> whereas Internet Explorer (surprise) fails 100% of the time using that same
> syntax. I am unable to figure out why Netscape works and Internet Explorer
> doesn't. I have narrowed Netscape's 50% choke rate down to there being a #
> character in the password I assigned to a particular FTP user, which the
> browser doesn't seem to like in version 4.07, but accepts, paradoxically,
> in version 4.04.
>
> What is up with this? I need to fix this because I am supporting FTP
> clients who are working with limited installations, and often don't have
> access to command-line ftp programs that will work through their firewalls
> (i.e., NT 4.0 standard ftp + SOCKS, etc.) Is there a wu-ftpd configuration
> option that will increase web browser usability?

Not really. This is a problem at the browser end. The best you can do is
to make sure you don't assign any passwords with the hash sign (#) in them -
and ask your users that not to use hashes when they change them, either.

Cheers, Bob
--
"Emit no data, coder ? Adapt ! FTP Ada, redo C a tad - on time !"
Bob Luckin [email protected] [http://www.dhc.net/~luckin/palindromes.html]

From [email protected] Tue Feb 16 12:30:20 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA16392;
Tue, 16 Feb 1999 12:30:19 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA11943;
Tue, 16 Feb 1999 12:26:54 -0600 (CST)
Received: from uai.com (Sun4.UAI.COM [149.86.1.2])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA09650
for <[email protected]>; Tue, 16 Feb 1999 12:23:04 -0600 (CST)
Received: from octane.UAI.COM by uai.com with SMTP id AA25825
(5.65c/IDA-1.4.4 for <[email protected]>); Tue, 16 Feb 1999 10:22:59 -0800
Received: from uai.com by octane.UAI.COM id <[email protected]>; Tue, 16 Feb 1999 10:22:57 -0800
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 10:22:57 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Richard L Hoesly <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: SunOS 4.1.3_U1 compile problems
References: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.5 [en] (X11; U; IRIX64 6.4 IP30)
X-Accept-Language: en
X-MIME-Autoconverted: from base64 to 8bit by wugate.wustl.edu id MAA22029
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Gregory A Lundberg wrote:

>
>
> The fact that gcc didn't have a problem means someone somewhere has put
> the value in an include file. If someone could find that file on SunOS
> I'd be very appreciative.
>

I found the following on my SunOS 4.1.4 system by searching every include file.

/usr/lang/SC3.0.1/include/cc_411/stdlib.h: #define RAND_MAX 32767
/usr/lang/SC3.0.1/include/cc_412/stdlib.h: #define RAND_MAX 32767
/usr/lang/SC3.0.1/include/cc_413/stdlib.h: #define RAND_MAX 32767
/usr/lang/SC3.0.1/include/cc_413_U1/stdlib.h: #define RAND_MAX 32767
/usr/lang/SC3.0.1patch/include/cc_411/stdlib.h: #define RAND_MAX 32767
/usr/lang/SC3.0.1patch/include/cc_412/stdlib.h: #define RAND_MAX 32767
/usr/lang/SC3.0.1patch/include/cc_413/stdlib.h: #define RAND_MAX 32767
/usr/lang/SC3.0.1patch/include/cc_413_U1/stdlib.h: #define RAND_MAX 32767
/usr/lang/SC3.0.1patch/include/cc_413_JL/stdlib.h: #define RAND_MAX 32767
/usr/lang/SC3.0.1patch/include/cc_414/stdlib.h: #define RAND_MAX 32767
/usr/lang/SC3.0.1patch/include/cc_414_JL/stdlib.h: #define RAND_MAX 32767
/usr/5include/stdlib.h: #define RAND_MAX 0x7fff

------------------------------------------------------------------
Richard L. Hoesly Phone: 310-214-2922
Directory of Software Systems FAX: 310-214-3420
Universal Analytics, Inc. Email: [email protected]
3625 Del Amo Blvd., Suite 370
Torrance, California 90503

From [email protected] Tue Feb 16 12:31:30 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA16415;
Tue, 16 Feb 1999 12:31:30 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA08529;
Tue, 16 Feb 1999 12:27:40 -0600 (CST)
Received: from fatcat.inven.com (fatcat.inven.com [204.142.49.130])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA14278
for <[email protected]>; Tue, 16 Feb 1999 12:26:35 -0600 (CST)
Received: from mailnyc [195.1.2.68]
by fatcat.inven.com with esmtp (Exim 1.71 #1)
id 10CpDT-0001CO-00; Tue, 16 Feb 1999 13:27:27 -0500
Received: by mailnyc with smtp (Exim 2.10)
id 10CpEq-0004tv-00; Tue, 16 Feb 1999 13:28:52 -0500
Message-Id: <4.1.19990216131742.00bf5220@mailnyc>
Date: Tue, 16 Feb 1999 13:24:07 -0500
Reply-To: [email protected]
Sender: [email protected]
From: John-Paul Pagano <[email protected]>
To: [email protected]
Subject: ls once worked, now no dice
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: jpagano@mailnyc
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

This is strange behavior. I set up wu-ftpd to handle a number of "real"
users, each of which is chrooted in the password file to be jailed in his
own home directory. I read reams of documentation before setting this up
that stated that I had to set up a proper chroot environment for these
users, in that I needed a statically linked build of ls, among other
things, for their limited environments to be usable.

So, I was planning to do that, but after I set up the initial installation
of wu-ftpd, I found that users were in fact able to log in and see the
files in their home directories without even a dynamically linked ls in
their home dirs, let alone a statically linked version. I found this odd,
but assumed that perhaps the documentation out there wasn't current with
the latest version of wu-ftpd, which seemed to have some very intelligent
facility for managing chrooted environments without my having to build
static bins and other things for the users to use.

Now, however, I suddenly find that users can no longer see anything in
their home directories. Not only does ls not work, but the dir command
seems to be unavailable. What can have caused this change? I have done
nothing to the server since the last time it worked; I haven't even
restarted it. Should I just go ahead and build the static ls for each
user, or is there some actual reason why file access should have been
possible without doing so, some config state I can revert to in order to
save the trouble of building the static ls?

Thanks.

--
John-Paul Pagano
Unix Systems Administrator
Voice: (212) 208-0828
Fax: (212) 825-1040

From [email protected] Tue Feb 16 13:28:54 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA17168;
Tue, 16 Feb 1999 13:28:52 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA02723;
Tue, 16 Feb 1999 13:25:23 -0600 (CST)
Received: from fog.ccsf.cc.ca.us ([email protected] [147.144.1.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA18808
for <[email protected]>; Tue, 16 Feb 1999 13:20:35 -0600 (CST)
Received: from sol.ccsf.cc.ca.us (sol.ccsf.cc.ca.us [147.144.20.31])
by fog.ccsf.cc.ca.us (8.8.6 (PHNE_14041)/8.8.6) with SMTP id LAA05281;
Tue, 16 Feb 1999 11:20:30 -0800 (PST)
Received: from localhost by sol.ccsf.cc.ca.us (SMI-8.6/SMI-SVR4)
id LAA15954; Tue, 16 Feb 1999 11:20:28 -0800
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 11:20:28 -0800 (PST)
Reply-To: "Joe R. Jah" <[email protected]>
Sender: [email protected]
From: "Joe R. Jah" <[email protected]>
To: Gregory A Lundberg <[email protected]>
Cc: WU-FTPD Discussion List <[email protected]>
Subject: Re: [VR14] Security update for wu-ftpd 2.4.2 (beta 18) VR13
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 15 Feb 1999, Gregory A Lundberg wrote:

> Date: Mon, 15 Feb 1999 12:00:00 -0500 (EST)
> From: Gregory A Lundberg <[email protected]>
> To: WU-FTPD Discussion List <[email protected]>
> Subject: [VR14] Security update for wu-ftpd 2.4.2 (beta 18) VR13
>
> The VR14 updates for WU-FTPD 2.4.2 (beta-18) is now available.
>
> This is a security update. If you are running any version of wu-ftpd
> prior to this version, you are STRONGLY encouraged to upgrade. There
> are no new features in this version.

I run BeroFTPD 1.3.3 since Saturday;) Is it vulnerable?

Thanks,

Joe

_/ _/_/_/ _/ ____________ __o
_/ _/ _/ _/ ______________ _-\<,_
_/ _/ _/_/_/ _/ _/ ......(_)/ (_)
_/_/ oe _/ _/. _/_/ ah [email protected]

From [email protected] Tue Feb 16 13:48:00 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA17424;
Tue, 16 Feb 1999 13:47:59 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA27005;
Tue, 16 Feb 1999 13:44:09 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA23415
for <[email protected]>; Tue, 16 Feb 1999 13:37:33 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id OAA01335;
Tue, 16 Feb 1999 14:37:25 -0500
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 14:37:25 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "Joe R. Jah" <[email protected]>
Cc: WU-FTPD Discussion List <[email protected]>
Subject: Re: [VR14] Security update for wu-ftpd 2.4.2 (beta 18) VR13
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 16 Feb 1999, Joe R. Jah wrote:

> > This is a security update. If you are running any version of wu-ftpd
> > prior to this version, you are STRONGLY encouraged to upgrade. There
> > are no new features in this version.
>
> I run BeroFTPD 1.3.3 since Saturday;) Is it vulnerable?

Bernard's working on 1.3.4 which should include the fixes for PASV port
race. The other problems I fixed may or may not be in BeroFTPD.

Give him a chance. IP connectivity in Europe is not cheap.

I wouldn't worry about PASV port race too much while waiting until 1.3.4;
you've lived with it this long, a few days more or less won't matter.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 16 13:48:31 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA17448;
Tue, 16 Feb 1999 13:48:30 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA20653;
Tue, 16 Feb 1999 13:45:05 -0600 (CST)
Received: from fatcat.inven.com (fatcat.inven.com [204.142.49.130])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA20638
for <[email protected]>; Tue, 16 Feb 1999 13:39:53 -0600 (CST)
Received: from mailnyc [195.1.2.68]
by fatcat.inven.com with esmtp (Exim 1.71 #1)
id 10CqMP-0002EJ-00; Tue, 16 Feb 1999 14:40:45 -0500
Received: by mailnyc with smtp (Exim 2.10)
id 10CqNm-0005lS-00; Tue, 16 Feb 1999 14:42:10 -0500
Message-Id: <4.1.19990216141906.00c0f9c0@mailnyc>
Date: Tue, 16 Feb 1999 14:37:26 -0500
Reply-To: [email protected]
Sender: [email protected]
From: John-Paul Pagano <[email protected]>
To: [email protected]
Subject: Further Diagnosis: ls problems
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: jpagano@mailnyc
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi,

After a couple of days of research, and my previous post on the ls issue, I
have finally narrowed my diagnosis of the problem. It seems that ls does
in fact work as before, in spite of the absence of a static ls binary in
each user's chrooted home directory. The problem was that I was accessing
the web site through SOCKS, which encrypts the ftp traffic, and it seems
that there is a bug in SOCKS that disallows the proper functioning of ls
under certain conditions. I have heard frequent reports of this, and we
are using a pretty old version of SOCKS, so it all makes sense now.

I was wondering if anyone knows of a server side config option in wu-ftpd
that will better enable encrypted client access to the server?

One final question, if there a server-side config option that will let me
enable the dir command? So far, no ftp clients' dir commands seem to work
with it.

Thanks for all your help.

--
John-Paul Pagano
Unix Systems Administrator
Voice: (212) 208-0828
Fax: (212) 825-1040

From [email protected] Tue Feb 16 13:54:26 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA17524;
Tue, 16 Feb 1999 13:54:25 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA16620;
Tue, 16 Feb 1999 13:50:43 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA15076
for <[email protected]>; Tue, 16 Feb 1999 13:44:52 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id OAA01395;
Tue, 16 Feb 1999 14:44:43 -0500
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 14:44:43 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Richard L Hoesly <[email protected]>
Cc: [email protected]
Subject: Re: SunOS 4.1.3_U1 compile problems
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

It just so happens I'm logged into an s41 box right now.

On Tue, 16 Feb 1999, Richard L Hoesly wrote:

> I found the following on my SunOS 4.1.4 system by searching every include file.
>
> ./usr/lang/SC3.0.1/include/cc_411/stdlib.h: #define RAND_MAX 32767
> ./usr/lang/SC3.0.1/include/cc_412/stdlib.h: #define RAND_MAX 32767
> ./usr/lang/SC3.0.1/include/cc_413/stdlib.h: #define RAND_MAX 32767
> ./usr/lang/SC3.0.1/include/cc_413_U1/stdlib.h: #define RAND_MAX 32767
> ./usr/lang/SC3.0.1patch/include/cc_411/stdlib.h: #define RAND_MAX 32767
> ./usr/lang/SC3.0.1patch/include/cc_412/stdlib.h: #define RAND_MAX 32767
> ./usr/lang/SC3.0.1patch/include/cc_413/stdlib.h: #define RAND_MAX 32767
> ./usr/lang/SC3.0.1patch/include/cc_413_U1/stdlib.h: #define RAND_MAX 32767
> ./usr/lang/SC3.0.1patch/include/cc_413_JL/stdlib.h: #define RAND_MAX 32767
> ./usr/lang/SC3.0.1patch/include/cc_414/stdlib.h: #define RAND_MAX 32767
> ./usr/lang/SC3.0.1patch/include/cc_414_JL/stdlib.h: #define RAND_MAX 32767

Don't see any of these guys.

> ./usr/5include/stdlib.h: #define RAND_MAX 0x7fff

this one's there

question becomes: how to convince the Makefile to use this include file,
and is this the right one for the runtime routine being linked? since I
know squat about SunOS (I'm working on another problem) maybe someone can
give me a clue.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 16 13:55:21 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA17535;
Tue, 16 Feb 1999 13:55:21 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA10814;
Tue, 16 Feb 1999 13:51:45 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA29806
for <[email protected]>; Tue, 16 Feb 1999 13:49:43 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id OAA01449;
Tue, 16 Feb 1999 14:49:36 -0500
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 14:49:36 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: John-Paul Pagano <[email protected]>
Cc: [email protected]
Subject: Re: Further Diagnosis: ls problems
In-Reply-To: <4.1.19990216141906.00c0f9c0@mailnyc>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 16 Feb 1999, John-Paul Pagano wrote:

> After a couple of days of research, and my previous post on the ls
> issue, I have finally narrowed my diagnosis of the problem. It seems
> that ls does in fact work as before, in spite of the absence of a
> static ls binary in each user's chrooted home directory. The problem
> was that I was accessing the web site through SOCKS, which encrypts
> the ftp traffic, and it seems that there is a bug in SOCKS that
> disallows the proper functioning of ls under certain conditions. I
> have heard frequent reports of this, and we are using a pretty old
> version of SOCKS, so it all makes sense now.
>
> I was wondering if anyone knows of a server side config option in
> wu-ftpd that will better enable encrypted client access to the server?
>
> One final question, if there a server-side config option that will let
> me enable the dir command? So far, no ftp clients' dir commands seem
> to work with it.

dir works, ls doesn't. one command is using LIST, the other NLST. one
needs ~ftp/bin/ls, the other doesn't. you're missing ~ftp/bin/ls

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 16 14:09:42 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA17776;
Tue, 16 Feb 1999 14:09:41 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA22512;
Tue, 16 Feb 1999 14:05:53 -0600 (CST)
Received: from trex.nist.gov (trex.nist.gov [129.6.17.17])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA24794
for <[email protected]>; Tue, 16 Feb 1999 14:03:33 -0600 (CST)
Received: from localhost (loopback [127.0.0.1]) by trex.nist.gov (AIX4.3/UCB 8.8.8/8.7) with ESMTP id PAA23708 for <[email protected]>; Tue, 16 Feb 1999 15:02:56 -0500
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 15:02:56 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: "Steve D'Angona X4319" <[email protected]>
To: [email protected]
Subject: RE: wu-ftpd-2.4.2-beta-18-vr13 fails on AIX 4.2.1
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I experienced the same problem using AIX V 4.3.2 and AIX C compiler
V4.4. Its peculiar because not all clients experienced the problem. We
have AIX and Sun boxes which did not have the problem. SGI's and FTP
Software's ftp clients did experience the problem...

I have tried the two offered workarounds. The first did not work with
IBM's C compiler. I put #undef THROUGHPUT in the main config.h and
src/config.h with the same results....

When I try a "get" from SGI boxes, and some other clients, I still get

451 local resource failure: malloc: Error 0.

Workaround # 2, using the gcc compiler V2.8.1, seems to work, although the
compiled code is quite a bit bigger than the AIX genn'd code. (But it
works:-)

Hope this helps...

Steve

In response to:
>
> WORKAROUNDS:
>
> Either of the following makes the ftpd work correctly:
>
> 1. Use #undef THROUGHPUT in config.h. This apparently makes
> the compiler generate correct code.
>
> 2. Compile with GCC: In ./src go "make CC=gcc".
>
> I have no further ideas on how to fool the AIX cc compiler into
> generating correct code. You should talk to real AIX experts
> or submit the problem to IBM Support.
>
> Our AIX C-compiler is xlC.C with the latest fixes at level 3.1.4.10.
> We do not have the new compiler version 4.4.
>
> With best regards,
>
> Ole Holm Nielsen
> Department of Physics, Building 307
> Technical University of Denmark, DK-2800 Lyngby, Denmark
>
>

From [email protected] Tue Feb 16 14:15:58 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA17865;
Tue, 16 Feb 1999 14:15:57 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA24031;
Tue, 16 Feb 1999 14:12:18 -0600 (CST)
Received: from www.aachen.linux.de ([email protected] [198.22.51.242])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA15566
for <[email protected]>; Tue, 16 Feb 1999 14:07:19 -0600 (CST)
Received: from microsoft.sucks.eu.org (ppp-085.in-trier.de [198.22.51.85])
by www.aachen.linux.de (Postfix) with SMTP
id DEBD8D06B; Tue, 16 Feb 1999 22:18:34 +0100 (CET)
Message-Id: <Pine.LNX.4.10.9902162105380.14731-100000@k6.microsoft.sucks.eu.org>
Date: Tue, 16 Feb 1999 21:07:15 +0100 (CET)
Reply-To: [email protected]
Sender: [email protected]
From: Bernhard Rosenkraenzer <[email protected]>
To: John-Paul Pagano <[email protected]>
Cc: [email protected]
Subject: Re: Further Diagnosis: ls problems
In-Reply-To: <4.1.19990216141906.00c0f9c0@mailnyc>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 16 Feb 1999, John-Paul Pagano wrote:

> I was wondering if anyone knows of a server side config option in wu-ftpd
> that will better enable encrypted client access to the server?

If KRB5/GSSAPI is what you're looking for, get BeroFTPD
(ftp://beroftpd.unix.eu.org/pub/BeroFTPD/BeroFTPD-1.3.3.tar.gz)

> One final question, if there a server-side config option that will let me
> enable the dir command?

Should work without problems if you've set up a chroot system with
statically linked ls and such.
If you don't want to go through the trouble of putting ls in every user's
home directory, look at BeroFTPD which implements ls internally.

LLaP
bero

--
Windows 98 supports real multitasking - it can boot and crash simultaneously.
***
Anyone sending unwanted advertising e-mail to this address will be charged
$25 for network traffic and computing time. By extracting my address from
this message or its header, you agree to these terms.

From [email protected] Tue Feb 16 14:22:44 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA18003;
Tue, 16 Feb 1999 14:22:44 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA22645;
Tue, 16 Feb 1999 14:19:00 -0600 (CST)
Received: from fatcat.inven.com (fatcat.inven.com [204.142.49.130])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA23304
for <[email protected]>; Tue, 16 Feb 1999 14:12:12 -0600 (CST)
Received: from mailnyc [195.1.2.68]
by fatcat.inven.com with esmtp (Exim 1.71 #1)
id 10CqrZ-0002gr-00; Tue, 16 Feb 1999 15:12:57 -0500
Received: by mailnyc with smtp (Exim 2.10)
id 10Cqsv-00066I-00; Tue, 16 Feb 1999 15:14:21 -0500
Message-Id: <4.1.19990216150649.00c0ac20@mailnyc>
Date: Tue, 16 Feb 1999 15:09:37 -0500
Reply-To: [email protected]
Sender: [email protected]
From: John-Paul Pagano <[email protected]>
To: Bernhard Rosenkraenzer <[email protected]>
Cc: [email protected]
Subject: Re: Further Diagnosis: ls problems
In-Reply-To: <[email protected]
s.eu.org>
References: <4.1.19990216141906.00c0f9c0@mailnyc>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: jpagano@mailnyc
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

At 09:07 PM 2/16/99 +0100, you wrote:
>On Tue, 16 Feb 1999, John-Paul Pagano wrote:
>
>> I was wondering if anyone knows of a server side config option in wu-ftpd
>> that will better enable encrypted client access to the server?
>
>If KRB5/GSSAPI is what you're looking for, get BeroFTPD
>(ftp://beroftpd.unix.eu.org/pub/BeroFTPD/BeroFTPD-1.3.3.tar.gz)
>
>> One final question, if there a server-side config option that will let me
>> enable the dir command?
>
>Should work without problems if you've set up a chroot system with
>statically linked ls and such.
>If you don't want to go through the trouble of putting ls in every user's
>home directory, look at BeroFTPD which implements ls internally.
>
>LLaP
>bero

Well, I don't think the problem is with wu-ftpd, although I was trying to
make sure by asking whether or not there was a server-side config option
that deals with encrypted ftp client access. I believe there is a bug in
NEC SOCKS4, which is the implementation I am using, that screws up file
listings and other essential behaviors on the client side. I don't know
how switching to BeroFTPD would address that problem, although it may have
native ls support.

Again, however, let me stress that Wu-FTPD is working fine without having a
statically built ls in every user's home directory. I can't use ls -l,
which I would very much like to, and I have discovered this SOCKS issue,
but other than that it works fine without the static binary rigamarole.

--
John-Paul Pagano
Unix Systems Administrator
Voice: (212) 208-0828
Fax: (212) 825-1040

From [email protected] Tue Feb 16 14:29:00 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA18092;
Tue, 16 Feb 1999 14:28:59 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA24330;
Tue, 16 Feb 1999 14:25:32 -0600 (CST)
Received: from frontiernet.net ([email protected] [209.130.129.198])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA28681
for <[email protected]>; Tue, 16 Feb 1999 14:19:36 -0600 (CST)
Received: (from dsf@localhost)
by frontiernet.net (8.8.8a/8.8.8) id PAA36428;
Tue, 16 Feb 1999 15:19:26 -0500
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 15:19:24 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Dan Foster <[email protected]>
To: [email protected]
Cc: [email protected], [email protected] (Dan Foster)
Subject: Re: wu-ftpd-2.4.2-beta-18-vr13 fails on AIX 4.2.1
In-Reply-To: <[email protected]> from Steve D'Angona X4319 at "Feb 16, 99 03:02:56 pm"
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Mailer: ELM [version 2.4ME+ PL35 (25)]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hot Diggety! On a bright and sunny day, Steve D'Angona X4319 was rumored to have said...
> I experienced the same problem using AIX V 4.3.2 and AIX C compiler
> V4.4. Its peculiar because not all clients experienced the problem. We
> have AIX and Sun boxes which did not have the problem. SGI's and FTP
> Software's ftp clients did experience the problem...
>
> I have tried the two offered workarounds. The first did not work with
> IBM's C compiler. I put #undef THROUGHPUT in the main config.h and
> src/config.h with the same results....
>
> When I try a "get" from SGI boxes, and some other clients, I still get
>
> 451 local resource failure: malloc: Error 0.

I think that's because you may have -D_AIX42 (for 4.2 and up) which
will select _LARGE_FILES, and *that* ends up picking the long long
value for off_t (look in system header file to find the #ifdef case).
(to support 64 bit file offsets, hence, not limited to +/- 2GB seeks)

One variable in there, blkcnt_size (if I recall?) is then typecasted
to an u_int, and I think endianness (AIX runs on big endian boxes AFAIK)
comes into play, reads 0 from some of the higher order memory locations that
an off_t takes up. And then when the code malloc(0), that fails...

Solution? Change (u_int) blkcnt_size to (off_t) blkcnt_size in
src/ftpd.c whereever you see it. I think it shows up in only one place?
off_t is supposed to be a more portable solution, I believe so it shouldn't
break even if an OS has 32bit support. (In AIX, if _LARGE_FILES is not
defined, then it will select a 'long' for off_t)

A 'proper' solution would probably involve creating a new #define in
the OS-specific config file for wu-ftpd (or one of its derivatives) and
allowing it to be set to an OS-specific typedef if set, else default to
u_int or something.

I also ran across several other 32/64 bit issues, mostly with %d, %ld, and
%lld printf templates - I'd have to dig up my patch. 64 bit-enabled code
should use %lld, 32 bit use %ld. Will print garbage if use wrong one,
sometimes compounded by architectural design (big/little endianness).

-Dan

From [email protected] Tue Feb 16 14:41:54 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA18329;
Tue, 16 Feb 1999 14:41:54 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA05925;
Tue, 16 Feb 1999 14:38:18 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA24693
for <[email protected]>; Tue, 16 Feb 1999 14:33:46 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id PAA01977;
Tue, 16 Feb 1999 15:33:12 -0500
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 15:33:11 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Dan Foster <[email protected]>
Cc: [email protected], [email protected]
Subject: Re: wu-ftpd-2.4.2-beta-18-vr13 fails on AIX 4.2.1
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 16 Feb 1999, Dan Foster wrote:

> Hot Diggety! On a bright and sunny day, Steve D'Angona X4319 was
> rumored to have said...
>
> > I experienced the same problem using AIX V 4.3.2 and AIX C compiler
> > V4.4. Its peculiar because not all clients experienced the problem. We
> > have AIX and Sun boxes which did not have the problem. SGI's and FTP
> > Software's ftp clients did experience the problem...
> >
> > I have tried the two offered workarounds. The first did not work with
> > IBM's C compiler. I put #undef THROUGHPUT in the main config.h and
> > src/config.h with the same results....
> >
> > When I try a "get" from SGI boxes, and some other clients, I still get
> >
> > 451 local resource failure: malloc: Error 0.
>
> I think that's because you may have -D_AIX42 (for 4.2 and up) which
> will select _LARGE_FILES, and *that* ends up picking the long long
> value for off_t (look in system header file to find the #ifdef case).
> (to support 64 bit file offsets, hence, not limited to +/- 2GB seeks)
>
> One variable in there, blkcnt_size (if I recall?) is then typecasted
> to an u_int, and I think endianness (AIX runs on big endian boxes
> AFAIK) comes into play, reads 0 from some of the higher order memory
> locations that an off_t takes up. And then when the code malloc(0),
> that fails...
>
> Solution? Change (u_int) blkcnt_size to (off_t) blkcnt_size in
> src/ftpd.c whereever you see it. I think it shows up in only one
> place? off_t is supposed to be a more portable solution, I believe so
> it shouldn't break even if an OS has 32bit support. (In AIX, if
> _LARGE_FILES is not defined, then it will select a 'long' for off_t)
>
> A 'proper' solution would probably involve creating a new #define in
> the OS-specific config file for wu-ftpd (or one of its derivatives)
> and allowing it to be set to an OS-specific typedef if set, else
> default to u_int or something.
>
> I also ran across several other 32/64 bit issues, mostly with %d, %ld,
> and %lld printf templates - I'd have to dig up my patch. 64
> bit-enabled code should use %lld, 32 bit use %ld. Will print garbage
> if use wrong one, sometimes compounded by architectural design
> (big/little endianness).
>
> -Dan
>

Patches are good, Greg likes patches. Wouldn't happen to have some would
you? Especially over the past week or so, with the growth in installed
base, I've got a lot of little things to fix up; patches make it go a lot
faster. I'll take a look at the u_int/off_t thingy but I could swear I'd
already changed it to off_t and that didn't help.

I tried to fix a lot of the problems with garbage printing on wide
machines .. did I miss any?

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 16 14:54:51 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA18500;
Tue, 16 Feb 1999 14:54:48 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA15991;
Tue, 16 Feb 1999 14:51:09 -0600 (CST)
Received: from biff.stud.ntnu.no (biff.stud.ntnu.no [129.241.56.18])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA25505
for <[email protected]>; Tue, 16 Feb 1999 14:50:01 -0600 (CST)
Received: (from joge@localhost)
by biff.stud.ntnu.no (8.9.1/8.9.1) id VAA11151;
Tue, 16 Feb 1999 21:49:56 +0100 (MET)
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 21:49:55 +0100 (MET)
Reply-To: [email protected]
Sender: [email protected]
From: Geir Johannessen <[email protected]>
To: [email protected] (Chad Price)
Cc: [email protected]
Subject: Re: -X not working
In-Reply-To: <[email protected]> from Chad Price at "Feb 16, 1999 12:38:13 pm"
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Url: http://www.stud.ntnu.no/~joge/
X-Mailer: ELM [version 2.4ME+ PL50 (25)]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

[Copy to wu-ftpd list in case anyone else wonders if it is only my syslog
not workig properly.]

> >I am running beta18-VR13 on a Solaris 2.5.1 machine. Earlier I used beta18
> >with some hacks in ftpd.c to have it log file transfers to syslog instead
> >of the xferlog file. Now I see there is a -X option that is supposed to
> >handle it. I start ftpd by this line:
> >
> >ftpd -l -t300 -T600 -a -i -o -X -u077
> >
> >But nothing is logged to syslog before I add the line 'log syslog' to
> >ftpaccess. So the -X options had better be checked out a bit...
> >
> I don't want to be too pedantic, but the man page says:
> [cut]
> "saved via syslog"
>
> So the question is - Have you changed your syslog file in the syslog.conf
> file? I have, and so system logging no longer goes to the syslog file.

Everything in syslog on our site is sent to a central machine where it is
saved in a separate file for each type (mail,news,local0,local1,..) and for
each degree (alert,emerg,debug,..). So everything for the ftp daemon is
saved in local5.debug, local5.notice and so on. When I have -X, no
transfers are logged to syslog. But if I say 'log syslog' in ftpaccess it
logs to local5.info just as it is supposed to.

The option in ftpaccess works and the command line option does not. To me
this indicates that something is wrong with the command line option... :)

--
Geir Johannessen # [email protected]
E B Schieldropsvei 35-25 # http://www.stud.ntnu.no/~joge/
N-7033 TRONDHEIM, NORWAY # Tlf private +47-73888989, job +47-73598048
"Anything good in life is either illegal, immoral or fattening."

From [email protected] Tue Feb 16 15:01:01 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA18615;
Tue, 16 Feb 1999 15:01:00 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA02637;
Tue, 16 Feb 1999 14:57:29 -0600 (CST)
Received: from uai.com (Sun4.UAI.COM [149.86.1.2])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA22829
for <[email protected]>; Tue, 16 Feb 1999 14:51:29 -0600 (CST)
Received: from octane.UAI.COM by uai.com with SMTP id AA27158
(5.65c/IDA-1.4.4 for <[email protected]>); Tue, 16 Feb 1999 12:51:27 -0800
Received: from uai.com by octane.UAI.COM id <[email protected]>; Tue, 16 Feb 1999 12:51:25 -0800
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 12:51:25 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Richard L Hoesly <[email protected]>
To: Gregory A Lundberg <[email protected]>
Cc: [email protected]
Subject: SunOS 4.1.3_U1 compile problems
References: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.5 [en] (X11; U; IRIX64 6.4 IP30)
X-Accept-Language: en
X-MIME-Autoconverted: from base64 to 8bit by wugate.wustl.edu id OAA03442
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Gregory A Lundberg wrote:

> It just so happens I'm logged into an s41 box right now.
>
> On Tue, 16 Feb 1999, Richard L Hoesly wrote:
>
> > I found the following on my SunOS 4.1.4 system by searching every include file.
> >
> > ./usr/lang/SC3.0.1/include/cc_411/stdlib.h: #define RAND_MAX 32767
> > ./usr/lang/SC3.0.1/include/cc_412/stdlib.h: #define RAND_MAX 32767
> > ./usr/lang/SC3.0.1/include/cc_413/stdlib.h: #define RAND_MAX 32767
> > ./usr/lang/SC3.0.1/include/cc_413_U1/stdlib.h: #define RAND_MAX 32767
> > ./usr/lang/SC3.0.1patch/include/cc_411/stdlib.h: #define RAND_MAX 32767
> > ./usr/lang/SC3.0.1patch/include/cc_412/stdlib.h: #define RAND_MAX 32767
> > ./usr/lang/SC3.0.1patch/include/cc_413/stdlib.h: #define RAND_MAX 32767
> > ./usr/lang/SC3.0.1patch/include/cc_413_U1/stdlib.h: #define RAND_MAX 32767
> > ./usr/lang/SC3.0.1patch/include/cc_413_JL/stdlib.h: #define RAND_MAX 32767
> > ./usr/lang/SC3.0.1patch/include/cc_414/stdlib.h: #define RAND_MAX 32767
> > ./usr/lang/SC3.0.1patch/include/cc_414_JL/stdlib.h: #define RAND_MAX 32767
>
> Don't see any of these guys.
>

These are from the C compiler that comes as part of the SPARCWorks, not
the free one.

------------------------------------------------------------------
Richard L. Hoesly Phone: 310-214-2922
Directory of Software Systems FAX: 310-214-3420
Universal Analytics, Inc. Email: [email protected]
3625 Del Amo Blvd., Suite 370
Torrance, California 90503

From [email protected] Tue Feb 16 15:03:12 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA18639;
Tue, 16 Feb 1999 15:03:12 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA13169;
Tue, 16 Feb 1999 14:59:43 -0600 (CST)
Received: from hahp9k.harte-lyne.ca (hahp9k.harte-lyne.ca [209.47.131.101])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA04058
for <[email protected]>; Tue, 16 Feb 1999 14:55:45 -0600 (CST)
Received: from u01 (hal_ham_g01_u01.harte-lyne.ca [209.47.131.111])
by hahp9k.harte-lyne.ca (8.8.7/8.8.7) with SMTP id PAA21363;
Tue, 16 Feb 1999 15:58:05 -0500 (EST)
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 15:47:33 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "James B. Byrne" <[email protected]>
To: Bernhard Rosenkraenzer <[email protected]>,
[email protected]
Subject: Re: Further Diagnosis: ls problems
In-Reply-To: <Pine.LNX.4.10.9902162105380.14731-100000@k6.microsoft.sucks.eu.org>
References: <4.1.19990216141906.00c0f9c0@mailnyc>
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
X-mailer: Pegasus Mail for Win32 (v3.01d)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On 16 Feb 99, at 21:07, Bernhard Rosenkraenzer wrote:

> If KRB5/GSSAPI is what you're looking for, get BeroFTPD
> (ftp://beroftpd.unix.eu.org/pub/BeroFTPD/BeroFTPD-1.3.3.tar.gz)
>

I get a dns error saying that there is no such host as
beroftpd.unix.eu.org. Is this correct?

Regards,
Jim
---
James B. Byrne Harte & Lyne Limited
vox: +1 905 561 1241 9 Brockley Drive
fax: +1 905 561 0757 Hamilton, Ontario
mailto:[email protected] Canada L8E 3C3

From [email protected] Tue Feb 16 15:07:12 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA18691;
Tue, 16 Feb 1999 15:07:11 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA21637;
Tue, 16 Feb 1999 15:03:50 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA02023
for <[email protected]>; Tue, 16 Feb 1999 14:58:36 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id PAA02319;
Tue, 16 Feb 1999 15:58:15 -0500
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 15:58:14 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Dan Foster <[email protected]>
Cc: [email protected], [email protected]
Subject: Re: wu-ftpd-2.4.2-beta-18-vr13 fails on AIX 4.2.1
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 16 Feb 1999, Gregory A Lundberg wrote:

> > Solution? Change (u_int) blkcnt_size to (off_t) blkcnt_size in
> > src/ftpd.c whereever you see it. I think it shows up in only one
> > place? off_t is supposed to be a more portable solution, I believe so
> > it shouldn't break even if an OS has 32bit support. (In AIX, if
> > _LARGE_FILES is not defined, then it will select a 'long' for off_t)

I don't see this at all. In fact, the only u_int I see is in a piece of
'well, duh!' code which I don't think is related to the problem at all.

Index: popen.c
===================================================================
RCS file: /cvsroot/wu-ftpd/src/popen.c,v
retrieving revision 1.1.1.1.2.6.2.2
diff -c -r1.1.1.1.2.6.2.2 popen.c
*** popen.c 1998/11/06 22:56:58 1.1.1.1.2.6.2.2
--- popen.c 1999/02/16 20:54:01
***************
*** 118,126 ****
return (NULL);

if (!pids) {
! if ((pids = (int *) malloc((u_int) (fds * sizeof(int)))) == NULL)
return (NULL);
- (void) memset((void *)pids, 0, fds * sizeof(int));
}
if (pipe(pdes) < 0)
return (NULL);
--- 118,126 ----
return (NULL);

if (!pids) {
! pids = (int *) calloc (fds, sizeof (int));
! if (pids == NULL)
return (NULL);
}
if (pipe(pdes) < 0)
return (NULL);

Yes, I know pids should be pid_t instead of int but I don't wanna go that
deep into it just yet.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 16 15:20:03 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA18902;
Tue, 16 Feb 1999 15:20:01 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA31840;
Tue, 16 Feb 1999 15:16:37 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA19469
for <[email protected]>; Tue, 16 Feb 1999 15:10:28 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id QAA02502;
Tue, 16 Feb 1999 16:10:01 -0500
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 16:10:01 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "James B. Byrne" <[email protected]>
Cc: Bernhard Rosenkraenzer <[email protected]>,
[email protected]
Subject: Re: Further Diagnosis: ls problems
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 16 Feb 1999, James B. Byrne wrote:

> > If KRB5/GSSAPI is what you're looking for, get BeroFTPD
> > (ftp://beroftpd.unix.eu.org/pub/BeroFTPD/BeroFTPD-1.3.3.tar.gz)
> >
>
> I get a dns error saying that there is no such host as
> beroftpd.unix.eu.org. Is this correct?

Not only are telco/ISP rates lousy in Europe, but sometimes things go
flaky.

I have a local copy in ftp://ftp.vr.net/ and so do my mirrors.
Bernard's mirrors are:

ftp://beroftpd.unix.eu.org/pub/BeroFTPD/
ftp://ftp.croftj.net/usr/bero/BeroFTPD/
ftp://ftp.sunet.se/pub/nir/ftp/servers/BeroFTPD/
ftp://sunsite.cnlab-switch.ch/mirror/BeroFTPD/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 16 15:22:31 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA18929;
Tue, 16 Feb 1999 15:22:30 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA25953;
Tue, 16 Feb 1999 15:18:50 -0600 (CST)
Received: from hahp9k.harte-lyne.ca (hahp9k.harte-lyne.ca [209.47.131.101])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA30177
for <[email protected]>; Tue, 16 Feb 1999 15:15:14 -0600 (CST)
Received: from u01 (hal_ham_g01_u01.harte-lyne.ca [209.47.131.111])
by hahp9k.harte-lyne.ca (8.8.7/8.8.7) with SMTP id QAA21652;
Tue, 16 Feb 1999 16:17:17 -0500 (EST)
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 16:06:45 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "James B. Byrne" <[email protected]>
To: Gregory A Lundberg <[email protected]>,
Bernhard Rosenkraenzer <[email protected]>,
[email protected]
Subject: Bero Mirrors
In-Reply-To: <[email protected]>
References: <[email protected]>
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
X-mailer: Pegasus Mail for Win32 (v3.01d)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Thank You.

Regards,
Jim
---
James B. Byrne Harte & Lyne Limited
vox: +1 905 561 1241 9 Brockley Drive
fax: +1 905 561 0757 Hamilton, Ontario
mailto:[email protected] Canada L8E 3C3

From [email protected] Tue Feb 16 16:48:46 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id QAA20048;
Tue, 16 Feb 1999 16:48:46 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA04131;
Tue, 16 Feb 1999 16:41:33 -0600 (CST)
Received: from ckgppxy1.proxy.att.com (ckmsfw1.att.com [12.20.58.157])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA04278
for <[email protected]>; Tue, 16 Feb 1999 16:34:35 -0600 (CST)
Received: from merlin.lz.att.com ([135.25.200.5])
by ckgppxy1.proxy.att.com (AT&T/IPNS/GW-1.0) with SMTP id RAA07352
for <[email protected]>; Tue, 16 Feb 1999 17:34:03 -0500 (EST)
Received: by merlin.lz.att.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62)
id <[email protected]>; Tue, 16 Feb 1999 17:36:13 -0500
Message-Id: <c=US%a=_%p=att%[email protected]>
Date: Tue, 16 Feb 1999 17:36:11 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Roger Hanke <[email protected]>
To: "'WUFTPD List'" <[email protected]>
Subject: BeroFTPD 1.2.3 internal ls problem?
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Dear All,
Was wondering if anyone else has seen the below behavior
when listing out the device files in a guest or anonymous
users area. The size is reported incorrectly for the
ls -l command when the builtin ls is being used.
Went back and checked the Beta 13 version I had been
using which kicked to an external ls of course for this
command and it does list the major minor numbers as
expected.
Roger Hanke

BeroFTPD 1.2.3
ftp> cd dev
250 CWD command successful.
ftp> ls -l
200 PORT command successful.
150 Opening ASCII mode data connection for directory listing.
total 0
crw-rw-rw- 1 root sys 2147483647 Jul 23 1997 tcp
crw-rw-rw- 1 root sys 0 Jul 23 1997 zero
226 Transfer complete.
remote: -l
132 bytes received in 0.0043 seconds (30 Kbytes/s)
ftp>

Beta 13
ftp> ls -l
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
total 0
crw-rw-rw- 1 root sys 11, 42 Jul 23 1997 tcp
crw-rw-rw- 1 root sys 13, 12 Jul 23 1997 zero
226 Transfer complete.
remote: -l
130 bytes received in 0.0023 seconds (56 Kbytes/s)
ftp>
-----------------------------------------------------
Roger A. Hanke AT&T Web Site Services
(732)576-5738 [email protected]
FAX (732)576-6041 http://lynxhub.att.com/~rah/
-----------------------------------------------------

From [email protected] Tue Feb 16 16:57:41 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id QAA20124;
Tue, 16 Feb 1999 16:57:40 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA20813;
Tue, 16 Feb 1999 16:54:20 -0600 (CST)
Received: from wolverine.emji.net (wolverine.emji.net [207.22.135.6])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA04487
for <[email protected]>; Tue, 16 Feb 1999 16:47:46 -0600 (CST)
Received: from pbg3h.emji.net (pbg3h.emji.net [207.100.35.242])
by wolverine.emji.net (8.9.3/8.9.3) with ESMTP id RAA30539;
Tue, 16 Feb 1999 17:47:38 -0500
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 17:47:24 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Scott R. Every" <[email protected]>
To: [email protected], "'WUFTPD List'" <[email protected]>
Subject: Re: BeroFTPD 1.2.3 internal ls problem?
In-Reply-To: <c=US%a=_%p=att%[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Mailer: Mulberry (MacOS) [1.4.0, s/n U-200388]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

It does the same for me, I asked about this a couple weeks ago, but
received no answer.

s

--On Tue, Feb 16, 1999 5:36 PM -0500 Roger Hanke <[email protected]> wrote:

> Dear All,
> Was wondering if anyone else has seen the below behavior
> when listing out the device files in a guest or anonymous
> users area. The size is reported incorrectly for the
> ls -l command when the builtin ls is being used.
> Went back and checked the Beta 13 version I had been
> using which kicked to an external ls of course for this
> command and it does list the major minor numbers as
> expected.
> Roger Hanke
>
> BeroFTPD 1.2.3
> ftp> cd dev
> 250 CWD command successful.
> ftp> ls -l
> 200 PORT command successful.
> 150 Opening ASCII mode data connection for directory listing.
> total 0
> crw-rw-rw- 1 root sys 2147483647 Jul 23 1997 tcp
> crw-rw-rw- 1 root sys 0 Jul 23 1997 zero
> 226 Transfer complete.
> remote: -l
> 132 bytes received in 0.0043 seconds (30 Kbytes/s)
> ftp>
>
> Beta 13
> ftp> ls -l
> 200 PORT command successful.
> 150 Opening ASCII mode data connection for /bin/ls.
> total 0
> crw-rw-rw- 1 root sys 11, 42 Jul 23 1997 tcp
> crw-rw-rw- 1 root sys 13, 12 Jul 23 1997 zero
> 226 Transfer complete.
> remote: -l
> 130 bytes received in 0.0023 seconds (56 Kbytes/s)
> ftp>
> -----------------------------------------------------
> Roger A. Hanke AT&T Web Site Services
> (732)576-5738 [email protected]
> FAX (732)576-6041 http://lynxhub.att.com/~rah/
> -----------------------------------------------------

--
Scott R. Every "Everything is controlled by a small evil group to
EMJ Internet which, unfortunately, no one we know belongs."
voice : 1-800-548-2319 fax : 1-919-363-4423 mailto:[email protected]
WWW - http://www.emji.net

Do you believe in Macintosh? Learn how to help the cause by
subscribing to the "EvangeList" listserver! Send email to:
<[email protected]> or go to:
<http://www.lists.apple.com/>

From [email protected] Tue Feb 16 17:49:36 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id RAA20653;
Tue, 16 Feb 1999 17:49:35 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id RAA05471;
Tue, 16 Feb 1999 17:45:44 -0600 (CST)
Received: from fatcat.inven.com (fatcat.inven.com [204.142.49.130])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id RAA17194
for <[email protected]>; Tue, 16 Feb 1999 17:40:53 -0600 (CST)
Received: from mailnyc [195.1.2.68]
by fatcat.inven.com with esmtp (Exim 1.71 #1)
id 10Cu7d-0004RJ-00; Tue, 16 Feb 1999 18:41:45 -0500
Received: by mailnyc with smtp (Exim 2.10)
id 10Cu8z-0000aY-00; Tue, 16 Feb 1999 18:43:09 -0500
Message-Id: <4.1.19990216181830.00b4cde0@mailnyc>
Date: Tue, 16 Feb 1999 18:38:25 -0500
Reply-To: [email protected]
Sender: [email protected]
From: John-Paul Pagano <[email protected]>
To: [email protected]
Subject: Insane Acrobatics to get ls -l working
In-Reply-To: <[email protected]>
References: <Pine.LNX.4.10.9902162105380.14731-100000@k6.microsoft.sucks.eu.org>
<4.1.19990216141906.00c0f9c0@mailnyc>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: jpagano@mailnyc
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi,

I have finally found the following, seemingly viable method for enabling ls
-l under wu-ftpd.

1. Make the following subdirectories in your user's chrooted / :

usr
dev

2. Copy the following files into ~user/usr :

ld.so.1
libc.so.1
libdl.so.1

3. Run ldd against the ~user/bin/ls to make sure that no libraries come up
that you haven't already copied to ~user/usr.

4. ls -l your whatever /dev/zero is linked to on your machine. E.g.

bash# ls -l /dev/zero
lrwxrwxrwx 1 root root 27 Feb 2 13:14 /dev/zero ->
./devices/pseudo/mm@0:zero
bash# ls -l "/devices/pseudo/mm@0:zero"
crw-rw-rw- 1 root sys 13, 12 Feb 2 13:14
/devices/pseudo/mm@0:zero

Make note of the major and minor numbers (13,12). Then create a device in
~user/usr based on those numbers, e.g. (if you are sitting in ~user):

bash# mknod dev/zero c 13 12

This should create an identical /dev/zero device to the one actually
located in /dev/zero, for use in the user's chrooted environment. At least
on Solaris 2.5.1, I have found that non-statically built ls will not
function without this device file.

5. "Beta" test by executing the following command:

bash# truss -f chroot ~user/bin/ls > /tmp/ls.log 2>> /tmp/ls.log

If everything is kosher, you won't see anything erroneous-looking in the
output. You may find that "Err#2 ENOENT" comes up, but that's an innocuous
notification that (I think) merely has something to do with the process
trying to write to a pseudo terminal device.

6. Finally, prune from or otherwise don't try to use the following
directives in your ftpaccess file:

lslong <command> [<options>... ]
lsshort <command> [<options>... ]
lsreal <command> [<options>... ]
lsplain <command> [<options>... ]

They don't seem to do squat, at least after hours of trying to get them to
work on my machine. To be sure, I could just be doing something dumb, and
these directives work fine, but, the bottom line is that I am now able to
get ls -l and dir to work without interpolating these lines into my
ftpaccess file. The only affect that these directives did have was
allowing ls -l but breaking the dir command, before I commented them out
altogether.

--
John-Paul Pagano
Unix Systems Administrator
Voice: (212) 208-0828
Fax: (212) 825-1040

From [email protected] Wed Feb 17 00:39:17 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id AAA24867;
Wed, 17 Feb 1999 00:39:16 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id AAA03649;
Wed, 17 Feb 1999 00:34:32 -0600 (CST)
Received: from tounes.gw.tn (tounes.gw.tn [193.95.50.118])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id AAA23237
for <[email protected]>; Wed, 17 Feb 1999 00:29:09 -0600 (CST)
Received: from tounes.tn (tounes.tn [193.95.50.110])
by tounes.gw.tn (8.8.8/8.8.8) with ESMTP id HAA12988
for <[email protected]>; Wed, 17 Feb 1999 07:25:12 -0100 (GMT)
Received: from tounes.ati.tn (tounes.ati.tn [193.95.66.21])
by tounes.tngw.tn (8.8.8/8.8.8) with ESMTP id WAA10331;
Tue, 16 Feb 1999 22:01:45 -0100 (GMT)
Received: from mail.gnet.tn ([193.95.67.109])
by tounes.ati.tn (8.8.8/8.8.8) with SMTP id WAA13972;
Tue, 16 Feb 1999 22:08:41 -0100
Received: from gnet.tn by mail.gnet.tn (SMI-8.6/SMI-SVR4)
id WAA04467; Tue, 16 Feb 1999 22:03:30 -0100
Message-Id: <[email protected]>
Date: Tue, 16 Feb 1999 21:57:18 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Fathi Ben Nasr <[email protected]>
To: [email protected], Abdelaziz Kraidi <[email protected]>,
belgacem felah <[email protected]>,
Chamseddine Chaabani <[email protected]>,
fathi ben nasr <[email protected]>,
Fethi Filali <[email protected]>,
Harald Tveit Alvestrand <[email protected]>,
"I.T. System s.r.l." <[email protected]>,
Imed Chihi <[email protected]>,
Imed Romdhani <[email protected]>,
Linuxconf Mailing List <[email protected]>,
Mahdi Ben Jelloul <[email protected]>, moez mahfoudh <[email protected]>,
Mohamed Mkhinini <[email protected]>,
Slah Elashtar <[email protected]>,
slimane ben miled <[email protected]>,
tarek hannoudi <[email protected]>,
"TLUG's Mailing List" <[email protected]>,
william armbruster <[email protected]>,
moez mahfoudh <[email protected]>,
Walid Khedher <[email protected]>
Subject: [Fwd: Attenzione virus !!!!!!!!!!!!!!!!!!!!!]
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="------------43642978DDBBE19FE51A3C2D"
X-Mailer: Mozilla 4.5 [fr] (Win95; I)
X-Accept-Language: fr
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Il s'agit d'un message multivolet au format MIME.
--------------43642978DDBBE19FE51A3C2D
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

--------------43642978DDBBE19FE51A3C2D
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Return-Path: <[email protected]>
Received: from tounes.ati.tn by mail.gnet.tn (SMI-8.6/SMI-SVR4)
id TAA01802; Tue, 16 Feb 1999 19:28:48 -0100
Received: from tounes.gw.tn (tounes.gw.tn [193.95.50.118])
by tounes.ati.tn (8.8.8/8.8.8) with ESMTP id TAA05054
for <[email protected]>; Tue, 16 Feb 1999 19:33:25 -0100
Received: from tounes.tn (tounes.tn [193.95.50.110])
by tounes.gw.tn (8.8.8/8.8.8) with ESMTP id TAA11845
for <[email protected]>; Tue, 16 Feb 1999 19:23:06 -0100 (GMT)
Received: from mail1.mclink.it (net128-007.mclink.it [195.110.128.7])
by tounes.tngw.tn (8.8.8/8.8.8) with ESMTP id TAA03253
for <[email protected]>; Tue, 16 Feb 1999 19:25:55 -0100 (GMT)
Received: from olivetti (net132-181.mclink.it [195.110.132.181])
by mail1.mclink.it (8.9.1/8.9.0) with SMTP id TAA27172;
Tue, 16 Feb 1999 19:25:06 +0100 (CET)
Message-Id: <003201be59d1$9337d7e0$b5846ec3@olivetti>
From: "Lorenzo Senes" <[email protected]>
To: "Barbara Senes" <[email protected]>,
"Ezio Scimone" <[email protected]>,
"Francesca Sanguineti" <[email protected]>,
"Fathi Ben Nasr" <[email protected]>,
"Luca Masia" <[email protected]>,
"Eric Gauthier" <[email protected]>,
"Dipartimento Didattica" <[email protected]>,
"Ginette Castro" <[email protected]>, "Gianni Berti" <[email protected]>
Subject: Attenzione virus !!!!!!!!!!!!!!!!!!!!!
Date: Tue, 16 Feb 1999 19:26:40 +0200
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by tounes.ati.tn id TAA05054
X-Mozilla-Status2: 00000000

Original message send from IBM.
>>
>> Beware to the message: JOIN THE CREW for PENPALS.
>>
>> Please do no open because it contains a VIRUS, it is going to
collapse
>your
>> hard-disk and directly forward to all yours email address.
>>
>> Please forward the message to your friends.
>>
>>
>> ***************
>>
>>
>>Messaggio ricevuto questa mattina da IBM: se ricevete un e-mail
intitolata
>>JOIN THE CREW/for PENPALS NON APRITELA!!
>>
>>Sembra una lettera amichevole, ma in realt=E0 contiene un virus che, un=
a
>>volta aperta, infetter=E0 il boot sector del vostro hard-disk
(distruggendone
>>tutti i dati) e, cosa ancora pi=F9 drammatica, sar=E0 automaticamente
inoltrato
>>a tutti gli indirizzi e-mail presenti nella vostra casella!!
>>
>>Per cortesia inviate questo messaggio a tutte le persone di cui possede=
te

>>un indirizzo e-mail; secondo AOL si tratta di un virus molto pericoloso
per
>>il quale non esiste rimedio.
>>
>>
>>
>>

--------------43642978DDBBE19FE51A3C2D--

From [email protected] Wed Feb 17 03:52:16 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id DAA26170;
Wed, 17 Feb 1999 03:52:15 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id DAA13727;
Wed, 17 Feb 1999 03:47:30 -0600 (CST)
Received: from post.mail.demon.net (finch-post-10.mail.demon.net [194.217.242.38])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id DAA15524
for <[email protected]>; Wed, 17 Feb 1999 03:45:06 -0600 (CST)
Received: from [194.222.222.232] (helo=t-s-l.demon.co.uk)
by post.mail.demon.net with smtp (Exim 2.12 #1)
id 10D3XU-0005MR-00
for [email protected]; Wed, 17 Feb 1999 09:45:04 +0000
Received: by t-s-l.demon.co.uk with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62)
id <[email protected]>; Wed, 17 Feb 1999 09:45:33 -0000
Message-Id: <c=US%a=_%p=TSL%[email protected]>
Date: Wed, 17 Feb 1999 09:45:32 -0000
Reply-To: [email protected]
Sender: [email protected]
From: Mark Francis <[email protected]>
To: "'[email protected]'" <[email protected]>
Subject: wu-ftpd-2.4.2-beta-18 fails on AIX 4.2
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi everyone,
I've been out of the loop for a while, but I've still got a problem
with get i.e. it fails with :

451 Local resource failure: malloc: No such file or directory.

I read with interest the fixes applied to wu-ftpd.2.4.2-beta-vr13, I
had a look at the code I've got and found the fixes could not be
applied. I.e. No variable called blkcnt_size and off_t is not
defined.

I am by no means a C programmer (but I can work my way through the
code), is there any other suggestions out there to fix my problem ? or
should I change to wu-ftpd.2.4.2-beta-vr13 ? What does the vr13 stand
for ? Do I get any additional benefits ?
Cheers,
Mark Francis
Analyst/Programmer
Teamwork Solutions Ltd
Phone: +44(0) 161 228 2286
Fax: +44(o) 161 228 2900
Email: [email protected]
Web: http://teamwork-solutions.com

From [email protected] Wed Feb 17 04:16:30 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id EAA26307;
Wed, 17 Feb 1999 04:16:29 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id EAA24735;
Wed, 17 Feb 1999 04:13:15 -0600 (CST)
Received: from ns.matrix.ru (ns.matrix.ru [195.200.194.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id EAA12125
for <[email protected]>; Wed, 17 Feb 1999 04:11:56 -0600 (CST)
Received: from localhost (olegs@localhost)
by news.matrix.ru with SMTP id NAA13534
for <[email protected]>; Wed, 17 Feb 1999 13:10:57 +0300 (MSK)
(envelope-from [email protected])
Message-Id: <[email protected]>
Date: Wed, 17 Feb 1999 13:10:57 +0300 (MSK)
Reply-To: [email protected]
Sender: [email protected]
From: Oleg Semenyuk <[email protected]>
To: "'[email protected]'" <[email protected]>
Subject: wu-ftpd-2.4.2-beta-18 and FTPCHROOT
In-Reply-To: <c=US%a=_%p=TSL%[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi everyone,

1. Can wu-ftpd-2.4.2-beta-18 make chroot (restrict access above home
directory for some user)? How I can do it?

2. Does wu-ftpd-2.4.2-beta-18 vulnerable on *BSD systems?

thanks a lot,
Oleg.

From [email protected] Wed Feb 17 04:36:48 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id EAA26392;
Wed, 17 Feb 1999 04:36:47 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id EAA12328;
Wed, 17 Feb 1999 04:32:19 -0600 (CST)
Received: from smtp-server.nlr.nl (spider.nlr.nl [137.17.80.200])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id EAA13242
for <[email protected]>; Wed, 17 Feb 1999 04:30:25 -0600 (CST)
Received: from centurion.nlr.nl (centurion.nlr.nl [137.17.128.40])
by smtp-server.nlr.nl (8.9.1a/8.9.1/NLR 13/08/98) with SMTP id LAA12431;
Wed, 17 Feb 1999 11:29:52 +0100 (CET)
Received: from nlr.nl (localhost [127.0.0.1]) by centurion.nlr.nl (950413.SGI.8.6.12/950213.SGI.AUTOCF) via ESMTP id LAA12083 for <[email protected]>; Wed, 17 Feb 1999 11:29:51 +0100
Message-Id: <[email protected]>
Date: Wed, 17 Feb 1999 11:29:50 +0100
Reply-To: [email protected]
Sender: [email protected]
From: "M. van den Berg" <[email protected]>
To: [email protected]
Subject: how to choose a ftpd
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.5C-SGI [en] (X11; I; IRIX64 6.4 IP27)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Nowadays there are 4 ftpd players in the field, wu-ftpd / wu-ftpd-VR /
beroftpd and proftpd .
can someone give some advice on how to select which one to use.
Thanks

From [email protected] Wed Feb 17 05:08:15 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id FAA26653;
Wed, 17 Feb 1999 05:08:14 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id FAA19377;
Wed, 17 Feb 1999 05:04:47 -0600 (CST)
Received: from cello.digimark.net (ns1.digimark.net [209.67.203.9])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id EAA19715
for <[email protected]>; Wed, 17 Feb 1999 04:58:36 -0600 (CST)
Received: from cello.digimark.net (cello.digimark.net [209.67.203.10])
by cello.digimark.net (8.9.1a/8.9.1) with ESMTP id FAA25434
for <[email protected]>; Wed, 17 Feb 1999 05:58:35 -0500 (EST)
Message-Id: <[email protected]>
Date: Wed, 17 Feb 1999 05:58:35 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gary Goldberg <[email protected]>
To: [email protected]
Subject: Question regarding guests
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hello. I've been pouring over the Guest How-TO, and I have this question:

I want to set up a situation where a web server has X subdirectories,
each owned by a different person, and each using wu-ftpd guests to let
the users log in through ftp only, maintain their documents, yet not be
allowed higher than their home directories. Sounds tailor made for guests
in wu-ftpd, yes? But I also want to provide them with a anonymous ftp root.
I'm thinking that I should put the bin/dev/etc/lib heirarchy in their home
directory, use the /./ nomenclature on their password file entry (I use
Solaris), together this will make the chroot work for them, and then also
duplicate the bin/dev/etc/lib directories in a ftp subdirectory, specifically
for anon ftp (entry in ftpaccess). Is this the best way? If I only had one
ftp root within the home directory, then anon-ftp users could see their
webroot (bad!) Is there any better way to do this?

Thanks. -Gary

- Do not taunt Happy Fun Ball.
Gary Goldberg KA3ZYW email: [email protected] 301/249-6501 ICQ: 22569505
Digital Marketing, Inc., Bowie, MD. http://www.digimark.net/

From [email protected] Wed Feb 17 05:14:14 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id FAA26702;
Wed, 17 Feb 1999 05:14:13 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id FAA19952;
Wed, 17 Feb 1999 05:10:56 -0600 (CST)
Received: from dragon.khe.siemens.de (dragon.khe.siemens.de [194.221.186.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id FAA19415
for <[email protected]>; Wed, 17 Feb 1999 05:06:43 -0600 (CST)
Received: (from root@localhost)
by dragon.khe.siemens.de (8.8.6/8.8.6) id MAA19511
for <[email protected]>; Wed, 17 Feb 1999 12:09:00 +0100 (MET)
Received: from gaweinv.khe.siemens.de(195.27.237.5) by dragon via smap (V2.0)
id xma019502; Wed, 17 Feb 99 12:08:43 +0100
Received: from sunny5.khe.siemens.de (sunny5.khe.siemens.de [193.40.20.25])
by gawein.khe.siemens.de (8.8.6/8.8.6) with SMTP id MAA18344
for <[email protected]>; Wed, 17 Feb 1999 12:06:11 +0100 (MET)
Received: from khe.siemens.de by sunny5.khe.siemens.de (SMI-8.6/SMI-SVR4)
id MAA22648; Wed, 17 Feb 1999 12:03:35 +0100
Message-Id: <[email protected]>
Date: Wed, 17 Feb 1999 12:03:33 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Klaus-Peter Thronicke <[email protected]>
To: [email protected]
Subject: Re: Insane Acrobatics to get ls -l working
References: <Pine.LNX.4.10.9902162105380.14731-100000@k6.microsoft.sucks.eu.org>
<4.1.19990216141906.00c0f9c0@mailnyc> <4.1.19990216181830.00b4cde0@mailnyc>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------902032097E69D7F7831851A7"
X-Sender: [email protected]
X-Mailer: Mozilla 4.04 [en] (X11; I; SunOS 5.3 sun4m)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

This is a multi-part message in MIME format.
--------------902032097E69D7F7831851A7
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

John-Paul Pagano wrote:

> Hi,
>
> I have finally found the following, seemingly viable method for enabling ls
> -l under wu-ftpd.
>
> 1. Make the following subdirectories in your user's chrooted / :
>
> usr
> dev
>
> 2. Copy the following files into ~user/usr :
>
> ld.so.1
> libc.so.1
> libdl.so.1

thank you John-Paul, good description...

although this shouldn't be to difficult....

At Solaris, `man ftpd` gives an excellent description AND a shell script to
do this....
I configured the ftp-user with this script, long before I installed wu-ftpd.
it worked fine with wu-ftpd too.
upto now I didn't come along problems.

for details see the attachment please.

--
Klaus-Peter Thronicke System-Administration Unix
Fingerprint: 4877 14F7 944B 6F11 49DB D895 1B79 E6BD
Keyserver: http://wwwkeys.pgp.net

2B || !2B

--------------902032097E69D7F7831851A7
Content-Type: text/plain; charset=us-ascii; name="man.ftpd.Sol23"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="man.ftpd.Sol23"

ftpd(1M) Maintenance Commands ftpd(1M)

NAME
ftpd - file transfer protocol server

SYNOPSIS
in.ftpd [ -dl ] [ -t_t_i_m_e_o_u_t ]

DESCRIPTION
ftpd is the Internet File Transfer Protocol (FTP) server
process. The server is invoked by the Internet daemon
inetd(1M) each time a connection to the FTP service (see
services(4)) is made.

OPTIONS
-d Debugging information is logged to the system
log daemon syslogd(1M).

-l Each FTP session is logged to the system log
daemon syslogd(1M).

- t_t_i_m_e_o_u_t Set the inactivity timeout period to
_t_i_m_e_o_u_tseconds. The FTP server will timeout an
inactive session after 15 minutes.

Requests
The FTP server currently supports the following FTP
requests; case is not distinguished.

ABOR abort previous command

ACCT specify account (ignored)

ALLO allocate storage (vacuously)

APPE append to a file

CDUP change to parent of current working directory

CWD change working directory

DELE delete a file

HELP give help information

LIST give list files in a directory (ls -lg)

MKD make a directory

MODE specify data transfer _m_o_d_e

NLST give name list of files in directory (ls)

NOOP do nothing

Sun Microsystems Last change: 10 Mar 1993 1

ftpd(1M) Maintenance Commands ftpd(1M)

PASS specify password

PASV prepare for server-to-server transfer

PORT specify data connection port

PWD print the current working directory

QUIT terminate session

RETR retrieve a file

RMD remove a directory

RNFR specify rename-from file name

RNTO specify rename-to file name

STOR store a file

STOU store a file with a unique name

STRU specify data transfer _s_t_r_u_c_t_u_r_e

TYPE specify data transfer _t_y_p_e

USER specify user name

XCUP change to parent of current working directory

XCWD change working directory

XMKD make a directory

XPWD print the current working directory

XRMD remove a directory

The remaining FTP requests specified in RFC 959 are recog-
nized, but not implemented.

The FTP server will abort an active file transfer only when
the ABOR command is preceded by a Telnet Interrupt Process
(IP) signal and a Telnet Synch signal in the command Telnet
stream, as described in RFC 959.

ftpd interprets file names according to the globbing conven-
tions used by sh(1). This allows users to utilize the meta-
characters: _**** _???? _[[[[ _]]]] _{{{{ _}}}} _~~~~

ftpd authenticates users according to four rules.

Sun Microsystems Last change: 10 Mar 1993 2

ftpd(1M) Maintenance Commands ftpd(1M)

1) The user name must be in the password data base,
/etc/passwd, and have a password that is not
null. A password must always be provided by the
client before any file operations may be per-
formed.

2) If the user name appears in the file
/etc/ftpusers, ftp access is denied.

3) ftp access is denied if the user's shell (from
/etc/passwd) is not listed in the file
/etc/shells. If the file /etc/shells does not
exist, then the user's shell must be one of the
following:

/usr/bin/sh /usr/bin/csh /usr/bin/ksh
/usr/bin/jsh /bin/sh /bin/csh
/bin/ksh /bin/jsh /sbin/sh
/sbin/jsh

4) If the user name is "anonymous" or "ftp", an
entry for the user name _f_t_p must be present in
the password and shadow files. The user is then
allowed to log in by specifying any password -
by convention this is given as the user's e-mail
address (such as [email protected]). Do not
specify a valid shell in the password entry of
the _f_t_p user, and do not give it a valid pass-
word (use NP in the encrypted password field of
the shadow file).

For anonymous ftp users, ftpd takes special measures to res-
trict the client's access privileges. The server performs a
chroot(2) command to the home directory of the ftp user. In
order that system security is not breached, it is recom-
mended that the ftp subtree be constructed with care; the
following rules are suggested.

~ftp Make the home directory owned by ftp and unwrit-
able by anyone. This directory should not be on
a file system mounted with the nosuid option.

~ftp/bin Make this directory owned by the super-user and
unwritable by anyone. Make this a symbolic link
to ~ftp/usr/bin The program ls(1) must be
present to support the list commands. This pro-
gram should have mode 111.

Sun Microsystems Last change: 10 Mar 1993 3

ftpd(1M) Maintenance Commands ftpd(1M)

~ftp/usr/lib
Make this directory owned by the super-user and
unwritable by anyone. Copy the following shared
libraries from /usr/lib into this directory.:

ld.so*
libc.so*
libdl.so*
libintl.so*
libw.so*
libnsl.so*
libsocket.so*
nss_nis.so*
nss_nisplus.so*
nss_dns.so*
nss_files.so*
straddr.so*

~ftp/etc Make this directory owned by the super-user and
unwritable by anyone. Copies of the files
passwd(4), group(4), and netconfig(4) must be
present for the ls command to work properly.
These files should be mode 444.

~ftp/pub Make this directory mode 777 and owned by ftp.
Users should then place files which are to be
accessible via the anonymous account in this
directory.

~ftp/dev Make this directory owned by the super-user and
unwritable by anyone. First perform ls -lL on
the device files listed below to determine their
major and minor numbers, then use mknod to
create them in this directory.

/dev/zero
/dev/tcp
/dev/udp
/dev/ticotsord

EXAMPLE
To set up anonymous ftp, add the following entry to the
/etc/passwd file. In this case, /export/ftp was chosen to be
the anonymous ftp area, and the shell is the non-existant
file /nosuchshell. This prevents users from logging in as
the ftp user.
ftp:x:30000:30000:Anonymous FTP:/export/ftp:/nosuchshell
Add the following entry to /etc/shadow:
ftp:NP:6445::::::

Sun Microsystems Last change: 10 Mar 1993 4

ftpd(1M) Maintenance Commands ftpd(1M)

The following is a shell script that will set up the
anonymous ftp area. It presumes that names are resolved
using NIS.

#!/bin/sh
# script to setup SunOS 5.3 anonymous ftp area
#

# handle the optional command line argument
case $# in

# the default location for the anon ftp comes from the passwd file
0) ftphome="`grep '^ftp:' /etc/passwd | cut -d: -f6`"
;;

1) if [ "$1" = "start" ]; then
ftphome="`grep '^ftp:' /etc/passwd | cut -d: -f6`"
else
ftphome=$1
fi
;;

*) echo "Usage: $0 [anon-ftp-root]"
exit 1
;;
esac

if [ -z "${ftphome}" ]; then
echo "$0: ftphome must be non-null"
exit 2
fi

# This script assumes that ftphome is neither / nor /usr so ...
if [ "${ftphome}" = "/" -o "${ftphome}" = "/usr" ]; then
echo "$0: ftphome must not be / or /usr"
exit 2
fi

# If ftphome does not exist but parent does, create ftphome
if [ ! -d ${ftphome} ]; then
# lack of -p below is intentional
mkdir ${ftphome}
fi

echo Setting up anonymous ftp area ${ftphome} for SunOS 5.3

# Ensure that the /usr/bin directory exists
if [ ! -d ${ftphome}/usr/bin ]; then
mkdir -p ${ftphome}/usr/bin
fi

cp /usr/bin/ls ${ftphome}/usr/bin

Sun Microsystems Last change: 10 Mar 1993 5

ftpd(1M) Maintenance Commands ftpd(1M)

chmod 111 ${ftphome}/usr/bin/ls

# Now set the ownership and modes to match the man page
chown root ${ftphome}/usr/bin
chmod 555 ${ftphome}/usr/bin

# this may not be the right thing to do
# but we need the bin -> usr/bin link
if [ -r ${ftphome}/bin ]; then
mv -f ${ftphome}/bin ${ftphome}/Obin
fi
ln -s usr/bin ${ftphome}

# Ensure that the /usr/lib and /etc directories exist
if [ ! -d ${ftphome}/usr/lib ]; then
mkdir -p ${ftphome}/usr/lib
fi
if [ ! -d ${ftphome}/etc ]; then
mkdir -p ${ftphome}/etc
fi

#Most of the following are needed for basic operation, except
#for libnsl.so, nss_nis.so, libsocket.so, and straddr.so which are
#needed to resolve NIS names.

cp /usr/lib/ld.so /usr/lib/ld.so.1 ${ftphome}/usr/lib

for lib in libc libdl libintl libw libnsl libsocket \
nss_nis nss_nisplus nss_dns nss_files
do
cp /usr/lib/${lib}.so.1 ${ftphome}/usr/lib
rm -f ${ftphome}/usr/lib/${lib}.so
ln -s ./${lib}.so.1 ${ftphome}/usr/lib/${lib}.so
done

cp /usr/lib/straddr.so.2 ${ftphome}/usr/lib
rm -f ${ftphome}/usr/lib/straddr.so
ln -s ./straddr.so.2 ${ftphome}/usr/lib/straddr.so

cp /etc/passwd /etc/group /etc/netconfig ${ftphome}/etc

chmod 555 ${ftphome}/usr/lib/*
chmod 444 ${ftphome}/etc/*

# Now set the ownership and modes
chown root ${ftphome}/usr/lib ${ftphome}/etc
chmod 555 ${ftphome}/usr/lib ${ftphome}/etc

# Ensure that the /dev directory exists
if [ ! -d ${ftphome}/dev ]; then
mkdir -p ${ftphome}/dev

Sun Microsystems Last change: 10 Mar 1993 6

ftpd(1M) Maintenance Commands ftpd(1M)

fi

# make device nodes. ticotsord and udp are necessary for
# 'ls' to resolve NIS names.
prefix="/devices/pseudo/mm@0:"

for device in zero
do
line=`ls -l ${prefix}${device} | sed -e 's/,//'`
major=`echo $line | awk '{print $5}'`
minor=`echo $line | awk '{print $6}'`
rm -f ${ftphome}/dev/${device}
mknod ${ftphome}/dev/${device} c ${major} ${minor}
done

prefix="/devices/pseudo/clone@0:"

for device in tcp udp ticotsord
do
line=`ls -l ${prefix}${device} | sed -e 's/,//'`
major=`echo $line | awk '{print $5}'`
minor=`echo $line | awk '{print $6}'`
rm -f ${ftphome}/dev/${device}
mknod ${ftphome}/dev/${device} c ${major} ${minor}
done
chmod 666 ${ftphome}/dev/*

## Now set the ownership and modes
chown root ${ftphome}/dev
chmod 555 ${ftphome}/dev

if [ ! -d ${ftphome}/pub ]; then
mkdir -p ${ftphome}/pub
fi
chown ftp ${ftphome}/pub
chmod 777 ${ftphome}/pub

DIAGNOSTICS
ftpd logs various errors to syslogd, with a facility code of
daemon.

Info Severity
These messages are logged only if the -l flag is specified.

FTPD: connection from _h_o_s_t at _t_i_m_e
A connection was made to ftpd from the host _h_o_s_t
at the date and time _t_i_m_e.

FTPD: User _u_s_e_r timed out after _t_i_m_e_o_u_t seconds at _t_i_m_e
The user _u_s_e_r was logged out because they had
not entered any commands after _t_i_m_e_o_u_t seconds;
the logout occurred at the date and time _t_i_m_e.

Sun Microsystems Last change: 10 Mar 1993 7

ftpd(1M) Maintenance Commands ftpd(1M)

Debug Severity
These messages are logged only if the -d flag is specified.

FTPD: command: _c_o_m_m_a_n_d
A command line containing _c_o_m_m_a_n_d was read from
the FTP client.

lost connection
The FTP client dropped the connection.

<--- _r_e_p_l_y_c_o_d_e
<--- _r_e_p_l_y_c_o_d_e-
A reply was sent to the FTP client with the
reply code _r_e_p_l_y_c_o_d_e. The next message logged
will include the message associated with the
reply. If a - follows the reply code, the reply
is continued on later lines.

SEE ALSO
ftp(1), ls(1), aset(1M), inetd(1M), mknod(1M), syslogd(1M),
chroot(2), getsockopt(3N), group(4), inetd.conf(4), netcon-
fig(4), netrc(4), passwd(4), services(4)

Postel, Jon, and Joyce Reynolds, _F_i_l_e _T_r_a_n_s_f_e_r _P_r_o_t_o_c_o_l
(FTP),RFC 959, Network Information Center, SRI Interna-
tional, Menlo Park, Calif., October 1985.

NOTES
The anonymous account is inherently dangerous and should be
avoided when possible.

The server must run as the super-user to create sockets with
privileged port numbers. It maintains an effective user id
of the logged in user, reverting to the super-user only when
binding addresses to sockets. The possible security holes
have been extensively scrutinized, but are possibly incom-
plete.

/etc/ftpusers contains a list of users who cannot access the
system; the format of the file is one user name per line.

Sun Microsystems Last change: 10 Mar 1993 8

--------------902032097E69D7F7831851A7
Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for klaus-peter thronicke
Content-Disposition: attachment; filename="vcard.vcf"

begin: vcard
fn: klaus-peter thronicke
n: thronicke;klaus-peter
org: siemens ag -- A&D AS OI B53
email;internet: [email protected]
title: dipl.-ing.
tel;work: +49 ...721 595 6218
note;quoted-printable:Fingerprint: 4877 14F7 944B 6F11 49DB D895 1B79 E6BD=0D=0A=
=0D=0A=
Keyserver: http://info.erlm.siemens.de/pgp/
x-mozilla-cpt: ;0
x-mozilla-html: FALSE
version: 2.1
end: vcard

--------------902032097E69D7F7831851A7--

From [email protected] Wed Feb 17 06:38:26 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA27787;
Wed, 17 Feb 1999 06:38:25 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id GAA12008;
Wed, 17 Feb 1999 06:35:02 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id GAA15874
for <[email protected]>; Wed, 17 Feb 1999 06:30:24 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id HAA09062;
Wed, 17 Feb 1999 07:29:36 -0500
Message-Id: <[email protected]>
Date: Wed, 17 Feb 1999 07:29:36 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Fathi Ben Nasr <[email protected]>
Cc: [email protected], Abdelaziz Kraidi <[email protected]>,
belgacem felah <[email protected]>,
Chamseddine Chaabani <[email protected]>,
fathi ben nasr <[email protected]>,
Fethi Filali <[email protected]>,
Harald Tveit Alvestrand <[email protected]>,
"I.T. System s.r.l." <[email protected]>,
Imed Chihi <[email protected]>,
Imed Romdhani <[email protected]>,
Linuxconf Mailing List <[email protected]>,
Mahdi Ben Jelloul <[email protected]>, moez mahfoudh <[email protected]>,
Mohamed Mkhinini <[email protected]>,
Slah Elashtar <[email protected]>,
slimane ben miled <[email protected]>,
tarek hannoudi <[email protected]>,
"TLUG's Mailing List" <[email protected]>,
william armbruster <[email protected]>,
moez mahfoudh <[email protected]>,
Walid Khedher <[email protected]>
Subject: Re: [Fwd: Attenzione virus !!!!!!!!!!!!!!!!!!!!!]
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Please stop sending this hoax arround.

On Tue, 16 Feb 1999, Fathi Ben Nasr wrote:

> Date: Tue, 16 Feb 1999 21:57:18 +0100
> From: Fathi Ben Nasr <[email protected]>
> To: [email protected],
Abdelaziz Kraidi <[email protected]>,
belgacem felah <[email protected]>,
Chamseddine Chaabani <[email protected]>,
fathi ben nasr <[email protected]>,
Fethi Filali <[email protected]>,
Harald Tveit Alvestrand <[email protected]>,
I.T. System s.r.l. <[email protected]>,
Imed Chihi <[email protected]>,
Imed Romdhani <[email protected]>,
Linuxconf Mailing List <[email protected]>,
Mahdi Ben Jelloul <[email protected]>,
moez mahfoudh <[email protected]>,
Mohamed Mkhinini <[email protected]>,
Slah Elashtar <[email protected]>,
slimane ben miled <[email protected]>,
tarek hannoudi <[email protected]>,
TLUG's Mailing List <[email protected]>,
william armbruster <[email protected]>,
moez mahfoudh <[email protected]>,
Walid Khedher <[email protected]>
> Subject: [Fwd: Attenzione virus !!!!!!!!!!!!!!!!!!!!!]
>
>
>

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Wed Feb 17 07:04:05 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id HAA27985;
Wed, 17 Feb 1999 07:04:04 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id HAA02108;
Wed, 17 Feb 1999 07:00:42 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id GAA25152
for <[email protected]>; Wed, 17 Feb 1999 06:54:40 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id HAA09212
for <[email protected]>; Wed, 17 Feb 1999 07:54:39 -0500
Message-Id: <[email protected]>
Date: Wed, 17 Feb 1999 07:54:39 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: Re: wu-ftpd-2.4.2-beta-18-vr14 and HP-UX (fwd)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

---------- Forwarded message ----------
Date: Wed, 17 Feb 1999 07:16:12 -0500 (EST)
From: Gregory A Lundberg <[email protected]>
To: Rainer Kuerschner <[email protected]>
Subject: Re: wu-ftpd-2.4.2-beta-18-vr14 and HP-UX

I love open software!

Since I don't have an HP-UX 10.20 machine, I've never been able to test
this.

Over the past week, there have been at least five people trying to fix
that bug. Nobody notice the bad linkage.

But, open software wins out again. Finally, someone saw the obvious and
shared the observation.

Thank you.

On Wed, 17 Feb 1999, Rainer Kuerschner wrote:

> because of the recent CERT Advisory I upgraded the ftpd of our anonymous
> ftp server to your current version VR14. While linking I received several
> warnings about LoaD Word and STore Word instructions accessing unaligned data
> in access.o (System: HP 712, HP-UX 10.20, HP ANSI cc). Even though I haven't
> tried the executable the linker produced it would most probably receive a
> SIGBUS when executing one of these instructions. This misaligned data access
> is in my opinion caused by a coding flaw:
>
> In File access.c line 71 the variable defumask is declared as an 'extern int',
> telling the compiler that defumask has 32 bit alignment. defumask is defined
> in file ftpd.c line 330 as type mode_t which boils down to an unsigned short,
> having only a guaranteed alignment of 16 bit. In function acl_getdefumask
> in file access.c defumask is assigned the result of a strtoul() call and as
> the compiler assumes defumask is 32 bit aligned it generates 32 bit store
> instructions. The result may vary depending on platform, compiler and compiler
> switches from everything OK through data corruption to a SIGBUS (on RISCs).
> The correct way should be declaring defumask as 'extern mode_t':
>
> *** access.c.orig Tue Feb 16 12:23:37 1999
> --- access.c Tue Feb 16 12:24:13 1999
> ***************
> *** 68,76 ****
> extern int nameserved,
> anonymous,
> guest,
> - defumask,
> TCPwindowsize,
> use_accessfile;
> char Shutdown[MAXPATHLEN];
> #define MAXLINE 80
> static char incline[MAXLINE];
> --- 68,76 ----
> extern int nameserved,
> anonymous,
> guest,
> TCPwindowsize,
> use_accessfile;
> + extern mode_t defumask;
> char Shutdown[MAXPATHLEN];
> #define MAXLINE 80
> static char incline[MAXLINE];
>
>
>
> Greetings
> Rainer K"urschner
>
>
> ================================================================================
> Rainer K"urschner [email protected]
> Institut f"ur Theoretische Astrophysik Network Management
> Tiergartenstrasse 15 Tel.: +49-6221-54-8988
> 69121 Heidelberg / Germany Fax : +49-6221-54-4221
> ================================================================================
>

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Wed Feb 17 08:34:42 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id IAA28834;
Wed, 17 Feb 1999 08:34:41 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id IAA04540;
Wed, 17 Feb 1999 08:31:27 -0600 (CST)
Received: from rzusuntk.unizh.ch (rzumail1.unizh.ch [130.60.128.9])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id IAA23480
for <[email protected]>; Wed, 17 Feb 1999 08:24:16 -0600 (CST)
Received: [from rzursvg.unizh.ch (rzursvg.unizh.ch [130.60.112.85])
by rzusuntk.unizh.ch (8.8.5/SMI-5.25) with SMTP id PAA20165
for <[email protected]>;
Wed, 17 Feb 1999 15:24:13 +0100 (MET)]
Message-Id: <[email protected]>
Date: Wed, 17 Feb 1999 15:24:13 +0100 (MET)
Reply-To: Stefan Vogel <[email protected]>
Sender: [email protected]
From: Stefan Vogel <[email protected]>
To: [email protected]
Subject: Re: wu-ftpd-2.4.2-beta-18 fails on AIX 4.2
In-Reply-To: <c=US%a=_%p=TSL%[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
X-Sender: [email protected]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hello Netters,

>
> 451 Local resource failure: malloc: No such file or directory.
>

This error message is generated in send_data because a call to malloc
is attempting to request a block of size zero. The size zero is a
consequence of a type mismatch of the parameter blksize (declared as
off_t, or long long on AIX 4.2 if _LARGE_FILES is #defined) when send_data is
called from retrieve. If You use the default settings for the compiler in
"build aix" You get /bin/cc, which is a non-ANSI compiler on AIX, so no
prototypes are compiled. The expression for the parameter blksize in the call
thus is of type int resulting in a very large value for the long long blksize,
but accidentally a zero in the least significant 32 bits, which then get casted

to the size_t (int on AIX 4.2) parameter of malloc.

The solution is not to use /bin/cc as compiler but /bin/xlc, which is the AIX
ANSI compiler:

build aix CC=xlc

There is another problem on AIX 4.2: the announcement of the file size at the
beginning of the transfer always reports 0 bytes when using /bin/cc as
compiler. The reason is that the correct printf format for off_t (%lld if
_LARGE_FILES is defined) is only selected if _AIX42 is defined. If the
-D_AIX42 in the CFLAGS definition in src/makefiles/Makefile.aix is uncommented
a bug in src/config/config.aix is triggered: _LARGE_FILES only gets defined
if _AIX42 is undefined. This of course makes off_t int instead of long long
and the printf format is incorrect again, announcing very large file sizes.
The included patch corrects src/config/config.aix.

Btw would it be possible to document the -D_AIX42 CFLAGS addition somewhere
(outside Makefile.aix), e.g. NOTES or FIXES-*?

Following the patch for src/config/config.aix:

----8<--- snip --->8----
--- src/config/config.aix Sat Oct 31 16:58:15 1998
+++ src/config/config.aix.new Wed Feb 17 12:05:24 1999
@@ -9,7 +9,7 @@
#define VIRTUAL
#endif
#endif
-#ifndef _AIX42
+#ifdef _AIX42
#define _LARGE_FILES
#ifndef VIRTUAL
#define VIRTUAL
----8<--- snip --->8----

Regards

0"0 Stefan Vogel Tel: ++41 1 635 67 74
( V ) Rechenzentrum der Universitaet FAX: ++41 1 635 45 05
| | CH-8057 Zuerich, Switzerland inet: [email protected]
---m-m------------------------------------
IBM: Solutions for a small planet! Too small!! Much too small!!!

From [email protected] Wed Feb 17 08:36:23 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id IAA28853;
Wed, 17 Feb 1999 08:36:22 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id IAA10677;
Wed, 17 Feb 1999 08:32:43 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id IAA07322
for <[email protected]>; Wed, 17 Feb 1999 08:28:25 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id JAA09792;
Wed, 17 Feb 1999 09:28:13 -0500
Message-Id: <[email protected]>
Date: Wed, 17 Feb 1999 09:28:13 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Gary Goldberg <[email protected]>
Cc: [email protected]
Subject: Re: Question regarding guests
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Wed, 17 Feb 1999, Gary Goldberg wrote:

> I want to set up a situation where a web server has X subdirectories,
> each owned by a different person, and each using wu-ftpd guests to let
> the users log in through ftp only, maintain their documents, yet not
> be allowed higher than their home directories. Sounds tailor made for
> guests in wu-ftpd, yes? But I also want to provide them with a
> anonymous ftp root. I'm thinking that I should put the bin/dev/etc/lib
> heirarchy in their home directory, use the /./ nomenclature on their
> password file entry (I use Solaris), together this will make the
> chroot work for them, and then also duplicate the bin/dev/etc/lib
> directories in a ftp subdirectory, specifically for anon ftp (entry in
> ftpaccess). Is this the best way? If I only had one ftp root within
> the home directory, then anon-ftp users could see their webroot (bad!)
> Is there any better way to do this?

The example at my site shows one way to do this.
ftp://ftp.vr.net/pub/wu-ftpd/examples/

There are extensions on the VR updates which can make this easier to
manage. Also, BeroFTPD has an improved virtual hosting scheme which you
may want to take a look at.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Wed Feb 17 09:26:38 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA29569;
Wed, 17 Feb 1999 09:26:37 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA23375;
Wed, 17 Feb 1999 09:23:15 -0600 (CST)
Received: from post.mail.demon.net (finch-post-11.mail.demon.net [194.217.242.39])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA23904
for <[email protected]>; Wed, 17 Feb 1999 09:21:49 -0600 (CST)
Received: from [194.222.222.232] (helo=t-s-l.demon.co.uk)
by post.mail.demon.net with smtp (Exim 2.12 #1)
id 10D8oL-000CxY-00
for [email protected]; Wed, 17 Feb 1999 15:22:50 +0000
Received: by t-s-l.demon.co.uk with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62)
id <[email protected]>; Wed, 17 Feb 1999 15:22:21 -0000
Message-Id: <c=US%a=_%p=TSL%[email protected]>
Date: Wed, 17 Feb 1999 15:22:20 -0000
Reply-To: [email protected]
Sender: [email protected]
From: Mark Francis <[email protected]>
To: "'Stefan Vogel'" <[email protected]>,
"'[email protected]'"
<[email protected]>
Subject: RE: wu-ftpd-2.4.2-beta-18 fails on AIX 4.2
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Greetings ftpd dudes,
I have tried the fixes suggested by Stefan, and they have not solved
my problem, anymore ideas out there ?
Cheers,
Mark Francis
Analyst/Programmer
Teamwork Solutions Ltd
Phone: +44(0) 161 228 2286
Fax: +44(o) 161 228 2900
Email: [email protected]
Web: http://teamwork-solutions.com

-----Original Message-----
From: Stefan Vogel [SMTP:[email protected]]
Sent: 17 February 1999 06:24
To: [email protected]
Subject: Re: wu-ftpd-2.4.2-beta-18 fails on AIX 4.2

Hello Netters,

>
> 451 Local resource failure: malloc: No such file or directory.
>

This error message is generated in send_data because a call to malloc
is attempting to request a block of size zero. The size zero is a
consequence of a type mismatch of the parameter blksize (declared as
off_t, or long long on AIX 4.2 if _LARGE_FILES is #defined) when
send_data is
called from retrieve. If You use the default settings for the compiler
in
"build aix" You get /bin/cc, which is a non-ANSI compiler on AIX, so
no
prototypes are compiled. The expression for the parameter blksize in
the call
thus is of type int resulting in a very large value for the long long
blksize,
but accidentally a zero in the least significant 32 bits, which then
get casted

to the size_t (int on AIX 4.2) parameter of malloc.

The solution is not to use /bin/cc as compiler but /bin/xlc, which is
the AIX
ANSI compiler:

build aix CC=xlc

There is another problem on AIX 4.2: the announcement of the file size
at the
beginning of the transfer always reports 0 bytes when using /bin/cc as
compiler. The reason is that the correct printf format for off_t (%lld
if
_LARGE_FILES is defined) is only selected if _AIX42 is defined. If the
-D_AIX42 in the CFLAGS definition in src/makefiles/Makefile.aix is
uncommented
a bug in src/config/config.aix is triggered: _LARGE_FILES only gets
defined
if _AIX42 is undefined. This of course makes off_t int instead of long
long
and the printf format is incorrect again, announcing very large file
sizes.
The included patch corrects src/config/config.aix.

Btw would it be possible to document the -D_AIX42 CFLAGS addition
somewhere
(outside Makefile.aix), e.g. NOTES or FIXES-*?

Following the patch for src/config/config.aix:

----8<--- snip --->8----
--- src/config/config.aix Sat Oct 31 16:58:15 1998
+++ src/config/config.aix.new Wed Feb 17 12:05:24 1999
@@ -9,7 +9,7 @@
#define VIRTUAL
#endif
#endif
-#ifndef _AIX42
+#ifdef _AIX42
#define _LARGE_FILES
#ifndef VIRTUAL
#define VIRTUAL
----8<--- snip --->8----

Regards

0"0 Stefan Vogel Tel: ++41 1 635 67 74
( V ) Rechenzentrum der Universitaet FAX: ++41 1 635 45 05
| | CH-8057 Zuerich, Switzerland inet: [email protected]
---m-m------------------------------------
IBM: Solutions for a small planet! Too small!! Much too small!!!

From [email protected] Wed Feb 17 09:46:48 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA29908;
Wed, 17 Feb 1999 09:46:47 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA31700;
Wed, 17 Feb 1999 09:43:12 -0600 (CST)
Received: from marpdc.marinfo.com (marinfo.com [207.219.93.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA31229
for <[email protected]>; Wed, 17 Feb 1999 09:38:59 -0600 (CST)
Received: by MARPDC with Internet Mail Service (5.5.2232.9)
id <D8C0QL9X>; Wed, 17 Feb 1999 10:35:41 -0500
Message-Id: <FB10CECDF96CD211ADFE00A0C9616D5505ABE6@MARPDC>
Date: Wed, 17 Feb 1999 10:35:31 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Francis Le Quellec <[email protected]>
To: "'[email protected]'" <[email protected]>,
[email protected], Abdelaziz Kraidi <[email protected]>,
belgacem felah <[email protected]>,
Chamseddine Chaabani
<[email protected]>,
fathi ben nasr <[email protected]>,
Fethi Filali <[email protected]>,
Harald Tveit Alvestrand
<[email protected]>,
"I.T. System s.r.l." <[email protected]>,
Imed Chihi <[email protected]>,
Imed Romdhani <[email protected]>,
Linuxconf Mailing List <[email protected]>,
Mahdi Ben Jelloul
<[email protected]>,
moez mahfoudh <[email protected]>,
Mohamed Mkhinini
<[email protected]>,
Slah Elashtar <[email protected]>,
slimane ben miled <[email protected]>,
tarek hannoudi
<[email protected]>,
"TLUG's Mailing List" <[email protected]>,
william armbruster <[email protected]>,
[email protected]
Subject: RE: [Fwd: Attenzione virus !!!!!!!!!!!!!!!!!!!!!]
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
X-Mailer: Internet Mail Service (5.5.2232.9)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Stop forwarding this email, it clogs the $%&#&*$%@ mail system....

-----Original Message-----
From: Fathi Ben Nasr [mailto:[email protected]]
Sent: Tuesday, February 16, 1999 3:57 PM
To: [email protected]; Abdelaziz Kraidi; belgacem felah;
Chamseddine Chaabani; fathi ben nasr; Fethi Filali; Harald Tveit
Alvestrand; I.T. System s.r.l.; Imed Chihi; Imed Romdhani; Linuxconf
Mailing List; Mahdi Ben Jelloul; moez mahfoudh; Mohamed Mkhinini; Slah
Elashtar; slimane ben miled; tarek hannoudi; TLUG's Mailing List;
william armbruster; moez mahfoudh; Walid Khedher
Subject: [Fwd: Attenzione virus !!!!!!!!!!!!!!!!!!!!!]

From [email protected] Wed Feb 17 09:48:09 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA29927;
Wed, 17 Feb 1999 09:48:08 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA06291;
Wed, 17 Feb 1999 09:44:44 -0600 (CST)
Received: from fatcat.inven.com (fatcat.inven.com [204.142.49.130])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA29416
for <[email protected]>; Wed, 17 Feb 1999 09:40:20 -0600 (CST)
Received: from mailnyc [195.1.2.68]
by fatcat.inven.com with esmtp (Exim 1.71 #1)
id 10D95c-0000Fr-00; Wed, 17 Feb 1999 10:40:40 -0500
Received: by mailnyc with smtp (Exim 2.10)
id 10D96y-0002Jm-00; Wed, 17 Feb 1999 10:42:04 -0500
Message-Id: <4.1.19990217103442.00b4ca00@mailnyc>
Date: Wed, 17 Feb 1999 10:37:21 -0500
Reply-To: [email protected]
Sender: [email protected]
From: John-Paul Pagano <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: how to choose a ftpd
In-Reply-To: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: jpagano@mailnyc
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

At 11:29 AM 2/17/99 +0100, you wrote:
>Nowadays there are 4 ftpd players in the field, wu-ftpd / wu-ftpd-VR /
>beroftpd and proftpd .
>can someone give some advice on how to select which one to use.
>Thanks
>

>From what I've learned very recently, if you are planning on setting up a
public or at least publically accessible FTP server, as opposed to an
internal site that doesn't require security enhancements, then choose
wu-ftpd-VR over plain wu-ftpd. The latter is a more secure version of the
former that has patches to prevent attackers from stack smashing your server.

The other two I don't know anything about.

--
John-Paul Pagano
Unix Systems Administrator
Voice: (212) 208-0828
Fax: (212) 825-1040

From [email protected] Wed Feb 17 10:58:03 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA00932;
Wed, 17 Feb 1999 10:58:02 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA31269;
Wed, 17 Feb 1999 10:54:01 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA21435
for <[email protected]>; Wed, 17 Feb 1999 10:48:51 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id LAA11098
for <[email protected]>; Wed, 17 Feb 1999 11:48:49 -0500
Message-Id: <[email protected]>
Date: Wed, 17 Feb 1999 11:48:48 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: VR13/VR14 open issues
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

A lot has been happenning over the past few days with wu-ftpd and the VR
versions. So much so, in fact, that I'm afraid that I may let things slip
through the cracks. So here's what comes to my mind as the currently open
issues needing resolution. If you've raised an issue which isn't on here
and which hasn't been resolved, let me know. This email is as much to
help me keep organized as it is to you the chance to ensure I'm not
forgetting your problem; if it appears I have, send me a personal note.

SunOS 4.1
---------
This is probably another problem with NFS. I'll be researching this on a
4.1 system to try to figure out what the particular site has done to
tickle a bug in fb_realpath(). With VR13 the daemon confuses the client.
With VR14 the error is ignored and everything _appears_ correct. I want
to try to figure out what exactly is being ignored and try to really fix
it. The ftpadmin on the testbed machine is claiming an additional problem
which appears to be FAQ-ish about bin/ls doing the wrong thing, a quick
check didn't show what he reported; I'll be looking into this later today
when he gets into his office.

HPUX
----
A signal (SIGBUS?) kills the daemon during login while trying to set the
umask to the site-default value. A patch was submitted to me personally
today, which I forwared to the list. I am awaiting reports as to whether
this actually solved the problem. It was localized to the umask by
hard-coding the default umask rather than using the ftpaccess/command-line
values.

AIX
---
There's something going on in the throughput limiting code which is either
preventing compilation or crashing the daemon. I don't have any AIX
access, but what I've seen on the list leads me to believe someone who
does will have a good, general solution shortly. Frankly, I expect it'll
turn out to be another size mismatch like the HPUX problem.

SunOS 4.1
---------
It seems some of the compiler/runtime on the system don't define RAND_MAX.
The value of RAND_MAX is critical to the code trying to fight PASV port
stealing. Right now, I've got a suggestion to hardwire a value of 32767
(0x7FFF) in the src/config/config.s41 file; but I question if that's known
to be the correct value (it's the value in one of the runtimes is all I
know for sure).

All platforms
-------------
The IP-wildcards on the class clause were changed. I've got a workable
solution and have had what may be a better one proposed. One of them will
be in VR15. Until then, the workable patch is available on-request but I
recommend switching from wildcards to IP/CIDR or IP:NETMASK notation
instead.

In general, considering the thousands of new VR users over the past week
or so, the number of problems has been quite low, and I'm very pleased.
I've received as many notes telling of a successful drop-in replacement as
I have received asking for help (at least for non-FAQ issues).

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Wed Feb 17 11:10:02 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA01114;
Wed, 17 Feb 1999 11:10:01 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA18087;
Wed, 17 Feb 1999 11:06:37 -0600 (CST)
Received: from fatcat.inven.com (fatcat.inven.com [204.142.49.130])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA30879
for <[email protected]>; Wed, 17 Feb 1999 11:01:56 -0600 (CST)
Received: from mailnyc [195.1.2.68]
by fatcat.inven.com with esmtp (Exim 1.71 #1)
id 10DAN6-0000qp-00; Wed, 17 Feb 1999 12:02:48 -0500
Received: by mailnyc with smtp (Exim 2.10)
id 10DAOS-0003LY-00; Wed, 17 Feb 1999 12:04:12 -0500
Message-Id: <4.1.19990217115618.00b28100@mailnyc>
Date: Wed, 17 Feb 1999 11:59:30 -0500
Reply-To: [email protected]
Sender: [email protected]
From: John-Paul Pagano <[email protected]>
To: [email protected]
Subject: Re: VR13/VR14 open issues
In-Reply-To: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: jpagano@mailnyc
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

At 11:48 AM 2/17/99 -0500, you wrote:
>A lot has been happenning over the past few days with wu-ftpd and the VR
>versions. So much so, in fact, that I'm afraid that I may let things slip
>through the cracks. So here's what comes to my mind as the currently open
>issues needing resolution. If you've raised an issue which isn't on here
>and which hasn't been resolved, let me know. This email is as much to
>help me keep organized as it is to you the chance to ensure I'm not
>forgetting your problem; if it appears I have, send me a personal note.

I guess one issue I've had, although I'm not really sure if it amounts to a
bug or a simple lack of proper documentation, is my recent inability to get
the following ftpaccess file directives to do anything useful:

lslong
lsshort
lsplain
lsreal

Does anyone out there have definitive experience with getting these
directives to work?

--
John-Paul Pagano
Unix Systems Administrator
Voice: (212) 208-0828
Fax: (212) 825-1040

From [email protected] Wed Feb 17 11:23:08 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA01313;
Wed, 17 Feb 1999 11:23:07 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA01586;
Wed, 17 Feb 1999 11:19:41 -0600 (CST)
Received: from tounes.gw.tn (tounes.gw.tn [193.95.50.118])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA08951
for <[email protected]>; Wed, 17 Feb 1999 11:13:34 -0600 (CST)
Received: from tounes.tn (tounes.tn [193.95.50.110])
by tounes.gw.tn (8.8.8/8.8.8) with ESMTP id SAA04120
for <[email protected]>; Wed, 17 Feb 1999 18:09:37 -0100 (GMT)
Received: from tounes.ati.tn (tounes.ati.tn [193.95.66.21])
by tounes.tngw.tn (8.8.8/8.8.8) with ESMTP id RAA01604;
Wed, 17 Feb 1999 17:57:41 -0100 (GMT)
Received: from mail.gnet.tn ([193.95.67.109])
by tounes.ati.tn (8.8.8/8.8.8) with SMTP id SAA18696;
Wed, 17 Feb 1999 18:04:37 -0100
Received: from gnet.tn by mail.gnet.tn (SMI-8.6/SMI-SVR4)
id RAA22540; Wed, 17 Feb 1999 17:59:42 -0100
Message-Id: <[email protected]>
Date: Wed, 17 Feb 1999 17:35:06 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Fathi Ben Nasr <[email protected]>
To: [email protected], Abdelaziz Kraidi <[email protected]>,
belgacem felah <[email protected]>,
Chamseddine Chaabani <[email protected]>,
fathi ben nasr <[email protected]>,
Fethi Filali <[email protected]>,
Harald Tveit Alvestrand <[email protected]>,
"I.T. System s.r.l." <[email protected]>,
Imed Chihi <[email protected]>,
Imed Romdhani <[email protected]>,
Linuxconf Mailing List <[email protected]>,
Mahdi Ben Jelloul <[email protected]>, moez mahfoudh <[email protected]>,
Mohamed Mkhinini <[email protected]>,
Slah Elashtar <[email protected]>,
slimane ben miled <[email protected]>,
tarek hannoudi <[email protected]>,
"TLUG's Mailing List" <[email protected]>,
william armbruster <[email protected]>,
moez mahfoudh <[email protected]>,
Walid Khedher <[email protected]>
Subject: Sorry!!!
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.5 [fr] (Win95; I)
X-Accept-Language: fr
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

It' s the first time I receive such a warning, I even made a filter on
my mailbox to send the message containing "PENPA" to trash. I never
heared before about hoax and I beleived the story. It may be a good
thing to send back a real virus to whom sent me this message.

Sorry.

From [email protected] Wed Feb 17 12:09:01 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA01942;
Wed, 17 Feb 1999 12:08:59 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA07554;
Wed, 17 Feb 1999 12:05:29 -0600 (CST)
Received: from star.ayamura.org ([email protected] [202.26.20.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA27825
for <[email protected]>; Wed, 17 Feb 1999 12:04:30 -0600 (CST)
Received: (from ayamura@localhost)
by star.ayamura.org (8.9.3/8.9.3) id DAA08089;
Thu, 18 Feb 1999 03:04:23 +0900 (JST)
env-from (ayamura)
Message-Id: <[email protected]>
Date: 18 Feb 1999 03:04:22 +0900
Reply-To: [email protected]
Sender: [email protected]
From: Ayamura Kikuchi <[email protected]>
To: [email protected]
Subject: Re: VR13/VR14 open issues
In-Reply-To: <[email protected]>
References: <[email protected]>
MIME-Version: 1.0 (generated by SEMI 1.13.2 - "Mikawa")
Content-Type: text/plain; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> SunOS 4.1
> ---------
> It seems some of the compiler/runtime on the system don't define RAND_MAX.
> The value of RAND_MAX is critical to the code trying to fight PASV port
> stealing. Right now, I've got a suggestion to hardwire a value of 32767
> (0x7FFF) in the src/config/config.s41 file; but I question if that's known
> to be the correct value (it's the value in one of the runtimes is all I
> know for sure).

It may be better we use a value of 2147483647 as the value of RAND_MAX.
That of 32767 (0x7FFF) is too small on SunOS4.

-- ayamura

From [email protected] Wed Feb 17 13:20:09 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA02848;
Wed, 17 Feb 1999 13:20:08 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA09103;
Wed, 17 Feb 1999 13:16:35 -0600 (CST)
Received: from chico.rediris.es (chico.rediris.es [130.206.1.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA17151
for <[email protected]>; Wed, 17 Feb 1999 13:14:25 -0600 (CST)
Received: (from jpuche@localhost)
by chico.rediris.es (8.9.1/8.9.1) id UAA14363
for [email protected]; Wed, 17 Feb 1999 20:14:23 +0100 (MET)
Message-Id: <[email protected]>
Date: Wed, 17 Feb 1999 20:14:22 +0100
Reply-To: [email protected]
Sender: [email protected]
From: "Javier Puche. CSIC RedIRIS" <[email protected]>
To: [email protected]
Subject: inverse resolution
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
X-Mailer: Z-Mail (5.0.0 30July97)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi,

I am having a problem when activating 'deny !nameserved', the thing
is that it seems not to work well when people coming from classless
inverse resolutions (not byte boundaries)

I don't know to what extent is a wu-ftpd, libresolv or any other thing
problem, the client seems to have correctly set the inverse resolution.
Just to know if someone has had similar experiences or has any insight
on what could be the problem.

Thanks a lot,

Javier Puche.

PD: I run wu-2.4.2-academ[BETA-13] with some patches on Solaris 2.6,
but I do not find any mention to resolution topics in the tickets
solved for next releases.

From [email protected] Wed Feb 17 14:32:51 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA03779;
Wed, 17 Feb 1999 14:32:50 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA32288;
Wed, 17 Feb 1999 14:27:59 -0600 (CST)
Received: from lulu.acns.nwu.edu (lulu.acns.nwu.edu [129.105.16.54])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA27315
for <[email protected]>; Wed, 17 Feb 1999 14:21:20 -0600 (CST)
Received: (from mailnull@localhost)
by lulu.acns.nwu.edu (8.8.7/8.8.7) id OAA07901;
Wed, 17 Feb 1999 14:21:10 -0600 (CST)
Received: from socrates.tss.nwu.edu(129.105.110.129) by lulu.acns.nwu.edu via smap (V2.0)
id xma006891; Wed, 17 Feb 99 14:19:09 -0600
Message-Id: <v03110701b2f0d180f342@[129.105.110.129]>
Date: Wed, 17 Feb 1999 14:19:06 -0600
Reply-To: [email protected]
Sender: [email protected]
From: Albert Lunde <[email protected]>
To: [email protected], [email protected]
Subject: small fix for _PATH_XFERLOG undefined in pathnames.h
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected] (Unverified)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

In putting my builds of beta-18-V13 and beta-18-VR14 into production I
found what seems like a logic bug in the conditional code of pathnames.h

In some cases, it seems to be pussible to wind up with _PATH_XFERLOG undefined.

I have a patch that fixed the problem for me; I haven't stress-tested this
against all the possible branches.

This is a diff -c against the beta-18-VR14 source.

- - cut here - -
*** pathnames.h.dist Sat Oct 31 09:58:16 1998
--- pathnames.h.fix Wed Feb 17 13:52:02 1999
***************
*** 91,101 ****
#define _PATH_PIDNAMES "/var/adm/ftp.pids-%s"
#define _PATH_FTPD_PID "/var/adm/ftpd.pid"
#endif
#ifdef USE_LOG
#define _PATH_XFERLOG "/var/log/xferlog"
#else
#define _PATH_XFERLOG "/var/adm/xferlog"
- #endif
#endif
#else
#ifdef USE_USR
--- 91,101 ----
#define _PATH_PIDNAMES "/var/adm/ftp.pids-%s"
#define _PATH_FTPD_PID "/var/adm/ftpd.pid"
#endif
+ #endif
#ifdef USE_LOG
#define _PATH_XFERLOG "/var/log/xferlog"
#else
#define _PATH_XFERLOG "/var/adm/xferlog"
#endif
#else
#ifdef USE_USR
- - cut here - -

I think I discovered the problem while I was saying:

> /* fix paths for local usage */
> #define USE_VAR
> #define USE_PID
> #undef USE_OPT_FTPD

towards the end of my config.hpx file.

I'm now saying in current version:

>/* fix paths for local usage */
>#define USE_VAR
>#define USE_PID
>#undef USE_OPT_FTPD
>#undef VAR_RUN

(Most of the reasons for using these paticular paths are site-specific.)

---
Albert Lunde [email protected]

From [email protected] Wed Feb 17 14:51:13 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA04032;
Wed, 17 Feb 1999 14:51:12 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA12261;
Wed, 17 Feb 1999 14:47:06 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA17787
for <[email protected]>; Wed, 17 Feb 1999 14:42:29 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id PAA14045;
Wed, 17 Feb 1999 15:42:05 -0500
Message-Id: <[email protected]>
Date: Wed, 17 Feb 1999 15:42:04 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "Javier Puche. CSIC RedIRIS" <[email protected]>
Cc: [email protected]
Subject: Re: inverse resolution
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Wed, 17 Feb 1999, Javier Puche. CSIC RedIRIS wrote:

> I am having a problem when activating 'deny !nameserved', the thing is
> that it seems not to work well when people coming from classless
> inverse resolutions (not byte boundaries)
>
> I don't know to what extent is a wu-ftpd, libresolv or any other thing
> problem, the client seems to have correctly set the inverse
> resolution. Just to know if someone has had similar experiences or has
> any insight on what could be the problem.

I'm not sure I understand your problem, but I'll make couple of a guesses.

I'm thinking you're talking about reverse lookups which were dynamically
inserted when a dialup user connected. If that's the case, it sounds like
a DNS latency issue. The whole idea of so-called 'dynamic-DNS' seems lame
to me and I dont think it'll work without taking the entire internet to
its knees.

The other possibility which comes to mind is the idea of using a CNAME in
the reverse lookup table. As I read the DNS RFC, it seems to me that
practice is non-compliant. It's used as an example in a book somewhere,
so we see a lot of people trying it (including some major ISPs). I've not
looked but it may be discussed somewhere in a BCP. I don't know about
BIND 8 but I can tell you BIND 4 doesn't like it a bit.

Neither of these isues, btw, are FTP or wu-ftpd issues. If it's a problem
with a specific site, I'd have a talk with the hostmaster there. If it's
a problem with a lot of sites hitting your archive, I'd think about losing
the !nameserved option.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Wed Feb 17 15:10:23 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA04310;
Wed, 17 Feb 1999 15:10:22 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA11240;
Wed, 17 Feb 1999 15:06:38 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA20716
for <[email protected]>; Wed, 17 Feb 1999 15:01:40 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id QAA14457;
Wed, 17 Feb 1999 16:01:30 -0500
Message-Id: <[email protected]>
Date: Wed, 17 Feb 1999 16:01:28 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Ayamura Kikuchi <[email protected]>
Cc: [email protected]
Subject: Re: VR13/VR14 open issues
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On 18 Feb 1999, Ayamura Kikuchi wrote:

> > SunOS 4.1
> > ---------
> > It seems some of the compiler/runtime on the system don't define RAND_MAX.
> > The value of RAND_MAX is critical to the code trying to fight PASV port
> > stealing. Right now, I've got a suggestion to hardwire a value of 32767
> > (0x7FFF) in the src/config/config.s41 file; but I question if that's known
> > to be the correct value (it's the value in one of the runtimes is all I
> > know for sure).
>
> It may be better we use a value of 2147483647 as the value of RAND_MAX.
> That of 32767 (0x7FFF) is too small on SunOS4.

On thinking about the risks of guessing, and unless someone else comes up
with an authoritative answer, I'm inclined to go with Ayamura Kikuchi's
suggestion of using 2147483647 for RAND_MAX on SunOS4. Guessing too small
means overrunning an array which could be disasterous. Guessing too large
turns the randomization functions back into a (near?) linear search. I'd
rather see the deamon vulnerable on SunOS4 than go bonkers when it
overruns the array.

Ayamura: my current testing roll for VR15 has the 32767 value in it. I'll
be changing the definition and adding #ifndef protection for the #define.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Wed Feb 17 15:57:18 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA04928;
Wed, 17 Feb 1999 15:57:17 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA03716;
Wed, 17 Feb 1999 15:53:20 -0600 (CST)
Received: from orr.pwgsc.gc.ca (orr.pwgsc.gc.ca [198.103.167.14])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA01408
for <[email protected]>; Wed, 17 Feb 1999 15:50:56 -0600 (CST)
Received: id QAA08266; Wed, 17 Feb 1999 16:16:52 -0500
Received: by gateway id QAA25512
for <[email protected]>; Wed, 17 Feb 1999 16:08:46 -0500 (EST)
Message-Id: <[email protected]>
Date: Wed, 17 Feb 1999 16:15:11 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Robertson, Rocke" <[email protected]>
To: wuftp <[email protected]>
Subject: [Fwd: VR13/VR14 open issues]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.03 [en] (WinNT; U)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Im not a TCP/IP developer, but are ports numbers not limited to 64k ?

My 2 cents....

Ayamura Kikuchi wrote:

> > SunOS 4.1
> > ---------
> > It seems some of the compiler/runtime on the system don't define RAND_MAX.
> > The value of RAND_MAX is critical to the code trying to fight PASV port
> > stealing. Right now, I've got a suggestion to hardwire a value of 32767
> > (0x7FFF) in the src/config/config.s41 file; but I question if that's known
> > to be the correct value (it's the value in one of the runtimes is all I
> > know for sure).
>
> It may be better we use a value of 2147483647 as the value of RAND_MAX.
> That of 32767 (0x7FFF) is too small on SunOS4.
>
> -- ayamura

--
Rocke Robertson
PWGSC/GTIS
(613)991-2604
[email protected]

From [email protected] Thu Feb 18 02:41:44 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id CAA10623;
Thu, 18 Feb 1999 02:41:44 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id CAA19010;
Thu, 18 Feb 1999 02:36:54 -0600 (CST)
Received: from mserver.fh-koblenz.de (mserver.fh-koblenz.de [143.93.144.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id CAA01994
for <[email protected]>; Thu, 18 Feb 1999 02:28:53 -0600 (CST)
Received: from ss1000e0.fhkoblenz (ss1000e0 [143.93.145.200])
by mserver.fh-koblenz.de (8.8.8/8.8.8-ms) with SMTP id JAA15900;
Thu, 18 Feb 1999 09:29:07 +0100 (MET)
Received: by ss1000e0.fhkoblenz (SMI-8.6/SMI-SVR4)
id JAA10989; Thu, 18 Feb 1999 09:28:38 +0100
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 09:28:37 +0100 (MET)
Reply-To: [email protected]
Sender: [email protected]
From: [email protected] (Michael Schmidt)
To: [email protected]
Cc: [email protected], [email protected] (Michael Schmidt)
Subject: Re: VR mirrors
In-Reply-To: <[email protected]> from "Gregory A Lundberg" at Feb 15, 99 12:00:00 pm
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Mailer: ELM [version 2.4 PL25]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> From: Gregory A Lundberg <[email protected]>
> Subject: VR mirrors
>
> The VR updates for WU-FTPD include additional features requested over the
> years by the user community and includes a number of bug fixes for both the
> base 2.4.2 (beta-18) release and earlier VR updates.
>
> The primary distribution site for these updates is:
>
> ftp://ftp.vr.net/pub/wu-ftpd/
>
> Mirrors are available at the following sites:
>
[...]

Hi,

a suggestion to Gregory:
In the ftp.vr.net/pub/wu-ftpd/ directory there are located
some utilities, shall say: fileutils + gzip + ncompress +
newvirt + privatepw + tar + textutils
It's only my personal opinion. but I think it would be better
if you place them under a separate directory e.g.
ftp.vr.net/pub/wu-ftpd/utils/ as things are more structured then
and look clearer.

About mirroring:
Although at ftp.vr.net/pub/wu-ftpd/ there is mentioned that it is
not necessary to ask for permission to run a mirror area of that
VR wu-ftpd I would like to ask whether it would be helpful if we
would setup a mirror of ftp.vr.net/pub/wu-ftpd/ in Koblenz, Germany?

Please feel free to send me your feedback.

Have a nice day
Michael

--
Michael Schmidt
[email protected]
Mirror of: SAMBA:
IPFilter, Ghostscript Server for Win95,
Linux-HOWTO WinNT, LANManager

From [email protected] Thu Feb 18 06:13:46 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA12731;
Thu, 18 Feb 1999 06:13:45 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id GAA06273;
Thu, 18 Feb 1999 06:09:11 -0600 (CST)
Received: from rzusuntk.unizh.ch (rzumail1.unizh.ch [130.60.128.9])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id GAA18819
for <[email protected]>; Thu, 18 Feb 1999 06:08:22 -0600 (CST)
Received: [from rzursvg.unizh.ch (rzursvg.unizh.ch [130.60.112.85])
by rzusuntk.unizh.ch (8.8.5/SMI-5.25) with SMTP id NAA14844;
Thu, 18 Feb 1999 13:08:05 +0100 (MET)]
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 13:08:05 +0100 (MET)
Reply-To: Stefan Vogel <[email protected]>
Sender: [email protected]
From: Stefan Vogel <[email protected]>
To: Mark Francis <[email protected]>
Cc: "'[email protected]'" <[email protected]>
Subject: Re: wu-ftpd-2.4.2-beta-18 fails on AIX 4.2
In-Reply-To: <c=US%a=_%p=TSL%[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
X-Sender: [email protected]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi Mark,

> Greetings ftpd dudes,
> I have tried the fixes suggested by Stefan, and they have not solved
> my problem, anymore ideas out there ?
> Cheers,
> Mark Francis

Try to remove -D_NO_PROTO from CFLAGS in the Makefile.aix in support/makefiles
and src/makefiles. The malloc prototype in <sys/malloc.h> is
#ifndef _NO_PROTO. If Your AIX has strdup in <string.h>, try to remove
strdup.o from OBJS in support/makefiles/Makefile.aix to avoid a redeclaration.
Then 'build clean; build aix CC=xlc'. There will be some warnings that are
probably harmless. What version of AIX are You running?

Regards

0"0 Stefan Vogel Tel: ++41 1 635 67 74
( V ) Rechenzentrum der Universitaet FAX: ++41 1 635 45 05
| | CH-8057 Zuerich, Switzerland inet: [email protected]
---m-m------------------------------------
IBM: Solutions for a small planet! Too small!! Much too small!!!

From [email protected] Thu Feb 18 07:23:40 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id HAA13309;
Thu, 18 Feb 1999 07:23:39 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id HAA20070;
Thu, 18 Feb 1999 07:20:20 -0600 (CST)
Received: from chico.rediris.es (chico.rediris.es [130.206.1.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id HAA23007
for <[email protected]>; Thu, 18 Feb 1999 07:08:21 -0600 (CST)
Received: (from jpuche@localhost)
by chico.rediris.es (8.9.1/8.9.1) id NAA01388;
Thu, 18 Feb 1999 13:42:56 +0100 (MET)
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 13:42:56 +0100
Reply-To: [email protected]
Sender: [email protected]
From: "Javier Puche. CSIC RedIRIS" <[email protected]>
To: Gregory A Lundberg <[email protected]>,
"Javier Puche. CSIC RedIRIS" <[email protected]>
Cc: [email protected]
Subject: Re: reverse resolution
In-Reply-To: Gregory A Lundberg <[email protected]>
"Re: inverse resolution" (Feb 17, 3:42pm)
References: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
X-Mailer: Z-Mail (5.0.0 30July97)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi all,

Thanks Gregory for your quick reply and your guesses. Yes, I am
talking about reverse lookups (sorry for my bad writing), and the
scenario is your guess number 2: zones with delegated classles in-addr;
the use of CNAMES is the recomended practice for this cases according
to RFC 2317, but the same RFC warns that some software are not able to
deal with this kind of indirection in the resolution.

My knowledge of DNS is not too deep, so I am trying to locate where
the not well working piece is: ftpd code to handle reverse lookups, the
o.s. library for resolving, .... DNS people here tell me that DNS
configuration is ok according to the RFC. I've been told to avoid
losing !nameserved option because this is a big ftp site here in Spain
and helps forcing people to configure properly reverse resolution.

Thanks again for your help,

Javier Puche.

From [email protected] Thu Feb 18 09:14:40 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA14267;
Thu, 18 Feb 1999 09:14:40 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA22075;
Thu, 18 Feb 1999 09:10:29 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA31250
for <[email protected]>; Thu, 18 Feb 1999 09:07:21 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id KAA23540;
Thu, 18 Feb 1999 10:03:55 -0500
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 10:03:55 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "Javier Puche. CSIC RedIRIS" <[email protected]>
Cc: [email protected]
Subject: Re: reverse resolution
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 18 Feb 1999, Javier Puche. CSIC RedIRIS wrote:

> Thanks Gregory for your quick reply and your guesses. Yes, I am
> talking about reverse lookups (sorry for my bad writing), and the
> scenario is your guess number 2: zones with delegated classles
> in-addr; the use of CNAMES is the recomended practice for this cases
> according to RFC 2317, but the same RFC warns that some software are
> not able to deal with this kind of indirection in the resolution.

Well. I didn't know the BCP had been upgraded to an RFC. Actually, I
wasn't sure there was even a BCP, it was just a vague recollection.

The libraries and everything you need are in BIND 8, available from
http://www.isc.org/bind.html I still run BIND 4 and can tell you it
doesn't like CNAMES much. It appears to resolve them, but complains
loudly in my system logs.

5.1 Recommended secondary name service

Some older versions of name server software will make no effort to
find and return the pointed-to name in CNAME records if the pointed-
to name is not already known locally as cached or as authoritative
data. This can cause some confusion in resolvers, as only the CNAME
record will be returned in the response. To avoid this problem it is
recommended that the authoritative name servers for the delegating
zone (the zone containing all the CNAME records) all run as slave
(secondary) name servers for the "child" zones delegated and pointed
into via the CNAME records.

The last time I tried BIND 8 (8.0) was several months ago. It didn't play
well with the other kids on my block, so I set it aside. If you upgrade
to BIND 8 and relink the FTP daemon with the new resolver libraries BIND 8
provides, things should work better.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 18 09:59:17 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA14799;
Thu, 18 Feb 1999 09:59:17 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA13878;
Thu, 18 Feb 1999 09:55:31 -0600 (CST)
Received: from omega.uta.edu ([email protected] [129.107.56.23])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA30774
for <[email protected]>; Thu, 18 Feb 1999 09:52:05 -0600 (CST)
Received: from localhost (xxfdh@localhost)
by omega.uta.edu (8.9.2/8.9.2) with SMTP id JAA04564
for <[email protected]>; Thu, 18 Feb 1999 09:52:03 -0600 (CST)
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 09:52:03 -0600 (CST)
Reply-To: [email protected]
Sender: [email protected]
From: Dustin Fu <[email protected]>
To: [email protected]
Subject: compatibility of ftpaccess file
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hello,

Does anyone know if ftpaccess file for version 2.4(82) can be used with
version 2.4.2-beta-18-vr14?

Thanks!

Dustin Fu
Software Systems Specialist
Academic Computing Services
University of Texas at Arlington
[email protected]
817-272-2208

From [email protected] Thu Feb 18 10:45:09 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA15406;
Thu, 18 Feb 1999 10:45:08 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA16586;
Thu, 18 Feb 1999 10:41:10 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA04010
for <[email protected]>; Thu, 18 Feb 1999 10:35:43 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id LAA24635;
Thu, 18 Feb 1999 11:35:32 -0500
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 11:35:32 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Dustin Fu <[email protected]>
Cc: [email protected]
Subject: Re: compatibility of ftpaccess file
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 18 Feb 1999, Dustin Fu wrote:

> Does anyone know if ftpaccess file for version 2.4(82) can be used
> with version 2.4.2-beta-18-vr14?

the only reported problem has been on the 'class' line when using
wildcards in IP numbers. VR14 does not support wildcards sich as
127.*.*.*

VR15 will support wildcard, but I recommend switching to IP/CIDR or
IP:MASK notation instead since it's less abiguous.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 18 11:10:04 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA15842;
Thu, 18 Feb 1999 11:10:03 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA10301;
Thu, 18 Feb 1999 11:06:33 -0600 (CST)
Received: from oceane.cict.fr (oceane.cict.fr [192.70.79.4])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA12593
for <[email protected]>; Thu, 18 Feb 1999 11:06:03 -0600 (CST)
Received: from salines.cict.fr (salines.cict.fr [195.220.60.3]) by oceane.cict.fr (8.8.3/8.7.4) with ESMTP id SAA04445 for <[email protected]>; Thu, 18 Feb 1999 18:05:59 +0100 (MET)
Received: (from pb@localhost)
by salines.cict.fr (8.8.4/8.8.4)
id SAA22107 for [email protected]; Thu, 18 Feb 1999 18:06:01 +0100 (MET)
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 18:06:01 +0100 (MET)
Reply-To: [email protected]
Sender: [email protected]
From: Pierrette Barbaresco <[email protected]>
To: [email protected]
Subject: ftpaccess
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Mailer: ELM [version 2.4 PL25]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi,

When updating wu-ftpd-2.4.2 from beta-14 to beta-18 on Solaris 2.5,
I found some problems.

I use ftpaccess upload feature to allow upload for guestgroup and to modify
uploaded file permissions .

upload /users/ftpanon/ftp * no
upload /users/ftpanon/ftp /trav yes essaif sysmaint 0660 nodirs
upload /users/ftpanon/ftp/* /trav yes essaif sysmaint 0660 nodirs

Passwd guest entry :

essaif:x:1367:112::/users/ftpanon/ftp/./trav:/etc/ftponly

The problem seems to come from realpath.c :

realpath.c ( beta 14 ) last two lines

strcpy(result, workpath);
return (result);

realpath.c ( beta 18 ) last three lines

(void)strncpy(result, namebuf, MAXPATHLEN - 1); namebuf is empty
result[MAXPATHLEN - 1] = '\0';
return (result);

With wu-ftpd-2.4.2-beta-18-vr14 permissions are not modified.

--
------------------------------------------------------------------------------
Pierrette Barbaresco tel: 05 61 36 60 08
CICT
118, route de Narbonne Email: [email protected]
31062 Toulouse Cedex
------------------------------------------------------------------------------

From [email protected] Thu Feb 18 11:36:14 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA16145;
Thu, 18 Feb 1999 11:36:13 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA12537;
Thu, 18 Feb 1999 11:32:35 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA07793
for <[email protected]>; Thu, 18 Feb 1999 11:29:30 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id MAA25139;
Thu, 18 Feb 1999 12:29:12 -0500
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 12:29:12 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Pierrette Barbaresco <[email protected]>
Cc: [email protected]
Subject: Re: ftpaccess
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 18 Feb 1999, Pierrette Barbaresco wrote:

> I use ftpaccess upload feature to allow upload for guestgroup and to
> modify uploaded file permissions .
>
> upload /users/ftpanon/ftp * no
> upload /users/ftpanon/ftp /trav yes essaif sysmaint 0660 nodirs
> upload /users/ftpanon/ftp/* /trav yes essaif sysmaint 0660 nodirs
>
> Passwd guest entry :
>
> essaif:x:1367:112::/users/ftpanon/ftp/./trav:/etc/ftponly

I'll leave off your third rule since it never worked on any version of
wu-ftpd. It'll work with VR, but that's another issue.

With a VR version, try one of the two methods instead:

upload relative /trav * no
upload relative /trav /trav yes essaif sysmaint 0660 nodirs

-or-

upload /users/ftpanon/ftp/trav * no
upload /users/ftpanon/ftp/trav /trav essaif sysmaint 0660 nodirs

I recommend the second form. The first is there to support
BeroFTPD/NEWVIRT and can lead to ambiuous upload rules.

The problem as I saw it was the syntax

upload <root> <dir> ...

Did <root> mean chroot-point? If so, it's ambiguous. I couldn't have
different rules for different users in the same chroot-area.

Does <root> mean home-dir? Is so, it needed to be relative to the
chroot-point and that's ambiguous too. I couldn't use different rules on
home directories with the same name in different chroot-areas.

So I push everything through realpath() and add (unless you say relative)
the chroot directory. This gives a nice, canonical name which can be
unambiguously matched without need to worry about chroot, symlinks, etc.
In fact, the only way to fool it, as far as I can see, is by hardlinked
directories (if even then).

I challenge that the upload clauses you had actually worked pre-VR, or if
they did, this user was a special case or you never checked user-to-user
interaction against the upload clauses. I may be wrong, but I could never
get upload to work correctly in anything but the most trivial cases. I
also never went back through the academ betas to try to figure out where
upload was broken, assuming it ever worked, so I guess it's possible you
were running an old enough version that it actually did work for you.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 18 12:21:37 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA16695;
Thu, 18 Feb 1999 12:21:36 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA31308;
Thu, 18 Feb 1999 12:17:50 -0600 (CST)
Received: from optima.cs.arizona.edu (optima.CS.Arizona.EDU [192.12.69.5])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA13006
for <[email protected]>; Thu, 18 Feb 1999 12:14:32 -0600 (CST)
Received: from lectura.CS.Arizona.EDU (lectura.CS.Arizona.EDU [192.12.69.186])
by optima.cs.arizona.edu (8.9.1a/8.9.1) with ESMTP id LAA10834;
Thu, 18 Feb 1999 11:13:47 -0700 (MST)
Received: from localhost (localhost [127.0.0.1])
by lectura.CS.Arizona.EDU (8.9.1a/8.9.1) with ESMTP id LAA26177;
Thu, 18 Feb 1999 11:13:45 -0700 (MST)
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 11:13:45 -0700 (MST)
Reply-To: [email protected]
Sender: [email protected]
From: Jim Davis <[email protected]>
To: "Javier Puche. CSIC RedIRIS" <[email protected]>
Cc: [email protected]
Subject: Re: reverse resolution
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

This is on Solaris 2.6? I think there was a resolver patch recently to
fix various bogosities with classless IP address resolution. Try
installing patch 105755 if you haven't already.

From [email protected] Thu Feb 18 14:44:42 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA18554;
Thu, 18 Feb 1999 14:44:41 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA20980;
Thu, 18 Feb 1999 14:40:56 -0600 (CST)
Received: from amber.ccs.neu.edu ([email protected] [129.10.116.51])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA22952
for <[email protected]>; Thu, 18 Feb 1999 14:36:24 -0600 (CST)
Received: from bellatrix.ccs.neu.edu ([email protected] [129.10.116.157])
by amber.ccs.neu.edu (8.9.1a/8.9.1) with ESMTP id PAA23524
for <[email protected]>; Thu, 18 Feb 1999 15:36:19 -0500 (EST)
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 15:36:18 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Aris Yannopoulos <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: Total non-anonymous without prompts
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

VR14::Solaris-2.6

The machine in question has to be real only (no anon, or guests).

Is there a way to make it refuse anonymous logins completely? Right now
what happens is it says:

331 Guest login ok, send your complete e-mail address as password.

but because they are not in ftpaccess it doesn't let them in. Any way to
just have it refuse them with just the name?

Ari(=

-= Madness is not an illness... it's a privilege... =-

From [email protected] Thu Feb 18 15:03:11 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA18838;
Thu, 18 Feb 1999 15:03:10 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA10937;
Thu, 18 Feb 1999 14:59:42 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA12548
for <[email protected]>; Thu, 18 Feb 1999 14:53:12 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id PAA28392;
Thu, 18 Feb 1999 15:53:08 -0500
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 15:53:07 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Aris Yannopoulos <[email protected]>
Cc: WU-FTPD Discussion List <[email protected]>
Subject: Re: Total non-anonymous without prompts
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 18 Feb 1999, Aris Yannopoulos wrote:

> VR14::Solaris-2.6
>
> The machine in question has to be real only (no anon, or guests).
>
> Is there a way to make it refuse anonymous logins completely? Right now
> what happens is it says:
>
> 331 Guest login ok, send your complete e-mail address as password.
>
> but because they are not in ftpaccess it doesn't let them in. Any way to
> just have it refuse them with just the name?

Sure. Edit config.h to

#define HELP_HACKERS

then `./build clean ; ./build sol` will re-enable all kinds of stuff like
you're looking for.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 18 15:04:05 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA18859;
Thu, 18 Feb 1999 15:04:04 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA15927;
Thu, 18 Feb 1999 15:00:39 -0600 (CST)
Received: from amber.ccs.neu.edu ([email protected] [129.10.116.51])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA30020
for <[email protected]>; Thu, 18 Feb 1999 14:54:36 -0600 (CST)
Received: from bellatrix.ccs.neu.edu ([email protected] [129.10.116.157])
by amber.ccs.neu.edu (8.9.1a/8.9.1) with ESMTP id PAA24597
for <[email protected]>; Thu, 18 Feb 1999 15:54:35 -0500 (EST)
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 15:54:34 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Aris Yannopoulos <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: Re: Total non-anonymous without prompts
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

>
> Sure. Edit config.h to
>
> #define HELP_HACKERS

Nope, I just realized that it is ignoring them even though they are in
ftpusers :(

-= Madness is not an illness... it's a privilege... =-

From [email protected] Thu Feb 18 15:21:50 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA19166;
Thu, 18 Feb 1999 15:21:50 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA14370;
Thu, 18 Feb 1999 15:18:30 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA08636
for <[email protected]>; Thu, 18 Feb 1999 15:13:08 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id QAA28751;
Thu, 18 Feb 1999 16:13:04 -0500
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 16:13:04 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Aris Yannopoulos <[email protected]>
Cc: WU-FTPD Discussion List <[email protected]>
Subject: Re: Total non-anonymous without prompts
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 18 Feb 1999, Aris Yannopoulos wrote:

> To clarify I just want the forbidden users from ftpusers to be denied
> without even asking for a password. Users not def'd in ftpusers
> should be authenticated normally (ie whether they exist or not should
> just return a normal failure)

Yeah, HELP_HACKERS is what you want to enable.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 18 15:28:10 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA19269;
Thu, 18 Feb 1999 15:28:09 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA12303;
Thu, 18 Feb 1999 15:24:39 -0600 (CST)
Received: from amber.ccs.neu.edu ([email protected] [129.10.116.51])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA08094
for <[email protected]>; Thu, 18 Feb 1999 15:22:13 -0600 (CST)
Received: from bellatrix.ccs.neu.edu ([email protected] [129.10.116.157])
by amber.ccs.neu.edu (8.9.1a/8.9.1) with ESMTP id QAA26132
for <[email protected]>; Thu, 18 Feb 1999 16:22:12 -0500 (EST)
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 16:22:12 -0500 (EST)
Reply-To: WU-FTPD Discussion List <[email protected]>
Sender: [email protected]
From: Aris Yannopoulos <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: Re: Total non-anonymous without prompts
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> > To clarify I just want the forbidden users from ftpusers to be denied
> > without even asking for a password. Users not def'd in ftpusers
> > should be authenticated normally (ie whether they exist or not should
> > just return a normal failure)
>
> Yeah, HELP_HACKERS is what you want to enable.

Wouldn't that also do it for any user as well (not just those in
ftpusers?)

Ari(=

-= Madness is not an illness... it's a privilege... =-

From [email protected] Thu Feb 18 15:54:11 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA19621;
Thu, 18 Feb 1999 15:54:10 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA16404;
Thu, 18 Feb 1999 15:50:40 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA07702
for <[email protected]>; Thu, 18 Feb 1999 15:44:00 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id QAA29074
for <[email protected]>; Thu, 18 Feb 1999 16:43:57 -0500
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 16:43:57 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: Re: Total non-anonymous without prompts
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 18 Feb 1999, Aris Yannopoulos wrote:

> > > To clarify I just want the forbidden users from ftpusers to be denied
> > > without even asking for a password. Users not def'd in ftpusers
> > > should be authenticated normally (ie whether they exist or not should
> > > just return a normal failure)
> >
> > Yeah, HELP_HACKERS is what you want to enable.
>
> Wouldn't that also do it for any user as well (not just those in
> ftpusers?)

The HELP_CRACKERS option re-enabled the old way of handling login
failures. If a bad username was given, it failed immedeately with a
message to that effect. If the username was listed in ftpusers, it said
so. If a bad password was give, it told you that as well. This is the
way beta-18 and all prior versions of wu-ftpd worked.

with VR14, when you #undef HELP_CRACKERS (the default) all this is
modified. The daemon behaves the same right up to the point where a
password would let you in. The it kicks you out, for whatever reason,
with a single message that does not indicate _why_ you're being kicked
out. Maybe you entered a unknown username, or you tried to login as root,
or you typo's your password.

The idea is to make it harder to tell what usernames exist on the ftp
server. Anonymous ftp usesthe username 'ftp' and is treated just like
anyone else under this scheme.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 18 16:14:24 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id QAA19907;
Thu, 18 Feb 1999 16:14:23 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA25033;
Thu, 18 Feb 1999 15:02:00 -0600 (CST)
Received: from amber.ccs.neu.edu ([email protected] [129.10.116.51])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA20683
for <[email protected]>; Thu, 18 Feb 1999 14:56:09 -0600 (CST)
Received: from bellatrix.ccs.neu.edu ([email protected] [129.10.116.157])
by amber.ccs.neu.edu (8.9.1a/8.9.1) with ESMTP id PAA24695
for <[email protected]>; Thu, 18 Feb 1999 15:56:08 -0500 (EST)
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 15:56:07 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Aris Yannopoulos <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: Re: Total non-anonymous without prompts
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

To clarify I just want the forbidden users from ftpusers to be denied
without even asking for a password. Users not def'd in ftpusers should be
authenticated normally (ie whether they exist or not should just return a
normal failure)

-= Madness is not an illness... it's a privilege... =-

From [email protected] Thu Feb 18 19:01:00 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id TAA21697;
Thu, 18 Feb 1999 19:00:59 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id SAA28547;
Thu, 18 Feb 1999 18:57:26 -0600 (CST)
Received: from apollo.gat.com (apollo.gat.com [192.5.166.20])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id SAA21543
for <[email protected]>; Thu, 18 Feb 1999 18:56:15 -0600 (CST)
Received: from nt-usc (NT-USC.GAT.COM [192.5.166.179])
by apollo.gat.com (8.9.1/8.9.0) with SMTP id QAA08116
for <[email protected]>; Thu, 18 Feb 1999 16:56:13 -0800 (PST)
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 16:56:13 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Tony Warner <[email protected]>
To: [email protected]
Subject: wu-2.4.2-academ[BETA-18-VR13] & Digital C2 security
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I've posted a similar question here before and was told to upgrade to a
more current version of wu-ftpd.
Ok, so now I'm running wuftpd 2.4.2 beta 18 VR13.
This is on a Alpha personal workstation 433 with Digital Unix 4.0D.
I am also running Enhanced Security.

I modified some files per the FAQ to account for the added security:

Make these changes to ./src/config/config.osf :

#define SecureWare
#include <sys/secdefines.h>
#include <sys/types.h>
#include <sys/security.h>
#include <sys/audit.h>
#include <prot.h>

and add the following to ./src/makefiles/Makefile.osf

LIBES = -lsupport -lsecurity -laud

I compiled with "build du4". there were a few warnings during the
compilation, but
everything seemed to build ok.

If I start up ftpd in the inetd file normally, everything works great.
However, if I add the -a at the end to enable the extended features, no
logins are
accepted. The server allows access by real and anonymous users, but the login
attempt fails with a "Login incorrect" message.

my inetd.conf line looks like this:

ftp stream tcp nowait root /usr/sbin/ftpd ftpd -a

What am I missing?

Tony Warner

*********************************************************************
Tony Warner [email protected]
General Atomics (619) 455-4285

*********************************************************************

From [email protected] Thu Feb 18 19:20:12 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id TAA21969;
Thu, 18 Feb 1999 19:20:11 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id TAA01970;
Thu, 18 Feb 1999 19:16:42 -0600 (CST)
Received: from gw1.bfg.com (gateway.bfg.com [131.187.253.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id TAA26691
for <[email protected]>; Thu, 18 Feb 1999 19:10:41 -0600 (CST)
Received: (from uucp@localhost)
by gw1.bfg.com (8.8.8/8.8.8) id UAA27531;
Thu, 18 Feb 1999 20:10:38 -0500 (EST)
Received: from ns1.bfg.com(192.73.67.20) by gw1.bfg.com via smap (V2.1)
id sma027450; Thu, 18 Feb 99 20:10:13 -0500
Received: from localhost (keller@localhost)
by ns1.bfg.com (8.8.8/8.8.8) with SMTP id UAA14744;
Thu, 18 Feb 1999 20:10:11 -0500 (EST)
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 20:10:08 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Ted Keller <[email protected]>
To: Tony Warner <[email protected]>
Cc: [email protected]
Subject: Re: wu-2.4.2-academ[BETA-18-VR13] & Digital C2 security
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Tony,

Just a couple of things to check....

Make sure that the version of the ftpd is the wu one - and not the digital
one. Just verify that your running what you think you are. Second, make
sure you have the file /etc/shells populated with the shells - as
specified in your /etc/passwd file.

Wonder through your syslog - and see if anything is complaining there.
Also check out the last accessed times on ftpaccess - and verify that it
is being read and checked.

Sorry if I can't be more helpful.

ted keller - bfg.com

On Thu, 18 Feb 1999, Tony Warner wrote:

>
> I've posted a similar question here before and was told to upgrade to a
> more current version of wu-ftpd.
> Ok, so now I'm running wuftpd 2.4.2 beta 18 VR13.
> This is on a Alpha personal workstation 433 with Digital Unix 4.0D.
> I am also running Enhanced Security.
>
> I modified some files per the FAQ to account for the added security:
>
> Make these changes to ./src/config/config.osf :
>
> #define SecureWare
> #include <sys/secdefines.h>
> #include <sys/types.h>
> #include <sys/security.h>
> #include <sys/audit.h>
> #include <prot.h>
>
> and add the following to ./src/makefiles/Makefile.osf
>
> LIBES = -lsupport -lsecurity -laud
>
> I compiled with "build du4". there were a few warnings during the
> compilation, but
> everything seemed to build ok.
>
> If I start up ftpd in the inetd file normally, everything works great.
> However, if I add the -a at the end to enable the extended features, no
> logins are
> accepted. The server allows access by real and anonymous users, but the login
> attempt fails with a "Login incorrect" message.
>
> my inetd.conf line looks like this:
>
> ftp stream tcp nowait root /usr/sbin/ftpd ftpd -a
>
> What am I missing?
>
> Tony Warner
>
>
> *********************************************************************
> Tony Warner [email protected]
> General Atomics (619) 455-4285
>
> *********************************************************************
>

From [email protected] Thu Feb 18 19:33:20 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id TAA22171;
Thu, 18 Feb 1999 19:33:19 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id TAA01533;
Thu, 18 Feb 1999 19:29:29 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id TAA04122
for <[email protected]>; Thu, 18 Feb 1999 19:23:33 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id UAA30916;
Thu, 18 Feb 1999 20:23:28 -0500
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 20:23:28 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Tony Warner <[email protected]>
Cc: [email protected]
Subject: Re: wu-2.4.2-academ[BETA-18-VR13] & Digital C2 security
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 18 Feb 1999, Tony Warner wrote:

> If I start up ftpd in the inetd file normally, everything works great.
> However, if I add the -a at the end to enable the extended features,
> no logins are accepted. The server allows access by real and
> anonymous users, but the login attempt fails with a "Login incorrect"
> message.
>
> my inetd.conf line looks like this:
>
> ftp stream tcp nowait root /usr/sbin/ftpd ftpd -a
>
> What am I missing?

First, check that you're running the VR version. The greeting will assure
you of that. If it's not the VR version, kill -HUP inetd and check again.
If it's still not, the /usr/sbin/ftpd program is the wrong one.

Next, check that the access file is being used. Add the following line at
the top:

greeting brief

and log into FTP again. The greeting you see should be much reduced. If
it's not, run ckconfig and see if it complains about anything;
specifically about not being able to find ftpaccess.

Finally, watch the system logs when you attempt to login to ftp. If you
don't see anything, check your /etc/syslog.conf (or equivalent) to ensure
you're sending everything _somewhere_.

If the daemon isn't dying with a signal, all login failures are logged to
the system log with the specific reason.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 18 19:48:17 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id TAA22368;
Thu, 18 Feb 1999 19:48:16 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id TAA27942;
Thu, 18 Feb 1999 19:42:20 -0600 (CST)
Received: from engr.orst.edu (ENGR.ORST.EDU [128.193.54.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id TAA01365
for <[email protected]>; Thu, 18 Feb 1999 19:41:33 -0600 (CST)
Received: from localhost (toml@localhost)
by engr.orst.edu (8.8.8/8.8.8) with SMTP id RAA23470;
Thu, 18 Feb 1999 17:41:08 -0800 (PST)
Message-Id: <[email protected]>
Date: Thu, 18 Feb 1999 17:41:07 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Tom Lieuallen <[email protected]>
To: [email protected]
Cc: WU-FTPD Discussion List <[email protected]>
Subject: Re: VR13/VR14 open issues - HPUX
In-Reply-To: Your message of "Wed, 17 Feb 1999 11:48:48 PST."
<[email protected]>
X-Authentication-Warning: engr.orst.edu: toml@localhost didn't use HELO protocol
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> A lot has been happenning over the past few days with wu-ftpd and the VR
> versions. So much so, in fact, that I'm afraid that I may let things slip
> through the cracks. So here's what comes to my mind as the currently open
> issues needing resolution. If you've raised an issue which isn't on here
> and which hasn't been resolved, let me know. This email is as much to
> help me keep organized as it is to you the chance to ensure I'm not
> forgetting your problem; if it appears I have, send me a personal note.
>
> HPUX
> ----
> A signal (SIGBUS?) kills the daemon during login while trying to set the
> umask to the site-default value. A patch was submitted to me personally
> today, which I forwared to the list. I am awaiting reports as to whether
> this actually solved the problem. It was localized to the umask by
> hard-coding the default umask rather than using the ftpaccess/command-line
> values.

I had problems compiling with HP's C/ANSI C compiler (not bundled with
the OS) before applying the patch. With the patch that was previously
posted, this compile works as it should. The binary even works -- a
bonus. :-) I haven't tested it thoroughly, but it has solved
the obvious problems.

As for feedback -- I could not get gcc 2.8.1 to create a usable binary
for HPUX 10.20. The compile succeeds without complaint (even before
the patch, I believe), but the binary is not very functional. Real
users can authenticate just fine and do the basic commands. However,
anonymous users are kicked out as soon as they attempt 'ls'. The
following is a sample message from syslog:

Feb 18 17:15:50 myhostname ftpd[6143]: USER ftp
Feb 18 17:15:51 myhostname ftpd[6143]: PASS toml@
Feb 18 17:15:51 myhostname ftpd[6143]: SYST
Feb 18 17:15:51 myhostname ftpd[6143]: TYPE Image
Feb 18 17:15:52 myhostname ftpd[6143]: PORT
Feb 18 17:15:52 myhostname ftpd[6143]: TYPE ASCII
Feb 18 17:15:52 myhostname ftpd[6143]: LIST
Feb 18 17:15:52 myhostname ftpd[6143]: exiting on signal 11

The ~ftp directory tree is the same as I was using for beta-15
and also works fine for beta-18-vr14 when compiled with HP's C compiler.
So, I don't think it is an issue with my 'ls' binary or missing
libraries.

I'm going to run with the HP C compiled version, so this isn't urgent
for me -- but someone else might have the same problem. (Or I could
have done something stupid.) :-)

thank you

Tom Lieuallen
Oregon State University

From [email protected] Fri Feb 19 03:17:17 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id DAA25943;
Fri, 19 Feb 1999 03:17:17 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id DAA21751;
Fri, 19 Feb 1999 03:11:33 -0600 (CST)
Received: from nendaz.idiap.ch (nendaz.idiap.ch [192.33.221.29])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id DAA26336
for <[email protected]>; Fri, 19 Feb 1999 03:05:33 -0600 (CST)
Received: from idiap.ch (localhost [127.0.0.1])
by nendaz.idiap.ch (8.9.1/8.9.1) with ESMTP id KAA14718
for <[email protected]>; Fri, 19 Feb 1999 10:05:28 +0100 (MET)
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 10:05:28 +0100
Reply-To: [email protected]
Sender: [email protected]
From: [email protected]
To: [email protected]
Subject: Re: ftpaccess
In-Reply-To: Your message of "Thu, 18 Feb 1999 18:06:01 +0100."
<[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Sender: [email protected]
X-Mailer: exmh version 2.0.2 2/24/98
X-Url: http://www.idiap.ch/~bornet
X-face: #Xak+]ARp%7LWpjM`xm!e8Q.))&_I8h5^{SRgmVh;;N@qQ@A'`g^%&*O/m6%a0x&_#f"49K
BxmOazI`uPT2'X]UQCZS7r-*Y!*i7lm-`WH;Tz:82'oE#(O>7W3JR"O\Z@5fh?Y3fc0jynKS5txXR"
.LTeWZC*POMh=uJ]L0E4UP@<T)WQ
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hello,

> When updating wu-ftpd-2.4.2 from beta-14 to beta-18 on Solaris 2.5,
> I found some problems.

I also have found one problem updating from beta-18 to beta-18 VR releases :
the compression/tar don't work. Now, I have found the error : in ftpaccess,
I have change from

class all real,anonymous *
compress yes local remote
tar yes local remote

to

class all real,anonymous *
compress yes all
tar yes all

Now, the compression/tar work OK.

Good day.

Olivier

--
. __ . ___ __. | Olivier Bornet email : [email protected]
/ / ` / / / / / | IDIAP phone : +41-27-721'77'40
/ / / / /--/ /--' | CP 592 fax : +41-27-721'77'12
/ /__.' / / / / | CH-1920 Martigny http://www.idiap.ch/~bornet
| Get my PGP-key : "finger [email protected]"
Swiss Ice Hockey Results: http://www.idiap.ch/cgi-bin/SportWeb.cgi?-e

From [email protected] Fri Feb 19 04:18:19 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id EAA26436;
Fri, 19 Feb 1999 04:18:19 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id EAA06501;
Fri, 19 Feb 1999 04:14:42 -0600 (CST)
Received: from tolot.rema.co.at ([194.112.187.26])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id EAA23079
for <[email protected]>; Fri, 19 Feb 1999 04:08:57 -0600 (CST)
Received: by mail.linz.merlin.at with Internet Mail Service (5.5.2232.9)
id <FDYFM2JW>; Fri, 19 Feb 1999 11:08:39 +0100
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 11:08:37 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Martin Reinsprecht <[email protected]>
To: [email protected]
Subject: Do not see anything when using ls or dir on guest accounts
MIME-Version: 1.0
Content-Type: text/plain
X-Mailer: Internet Mail Service (5.5.2232.9)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I am using wuftpd Version Beta 15 on a Linux System

I tried to get up running guest ftp access. I used the guest howto to get
this running.

Logging in works fine for guest user but executing ls or dir shows nothing
in the directory although there is something in.
I can also upload doenload files and create and change directories

nlist command shows directory contents up correctly

i created a lib directory although not necessary for static links as i
understand that group FAQ and a bin directory with static link on /bin/ls
Using the ELF binaries i copied also ld.so.x into lib directory.

Thanks in advance
Martin R.

----------------------------------------------------------------------------
---------
Dipl. Ing. Dr. Martin Reinsprecht
MERLIN Dienstleistungs- und Handels- GmbH
Durisolstrasse 7
A-4600 Wels
Tel +43 7242 777870
Fax +43 7242 7778717
http://www.merlin.at
mailto://[email protected]

From [email protected] Fri Feb 19 04:50:18 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id EAA26689;
Fri, 19 Feb 1999 04:50:17 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id EAA10984;
Fri, 19 Feb 1999 04:46:41 -0600 (CST)
Received: from kohle.lausitz.net (kohle.lausitz.net [151.189.5.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id EAA25287
for <[email protected]>; Fri, 19 Feb 1999 04:43:05 -0600 (CST)
Received: from koepp.lausitz.net (lncb2n.lausitz.net [151.189.85.5])
by kohle.lausitz.net (Netscape Messaging Server 3.01) with SMTP
id AAA6642; Fri, 19 Feb 1999 11:45:22 +0100
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 11:44:45 +0100
Reply-To: [email protected]
Sender: [email protected]
From: "Karsten Koepp" <[email protected]>
To: [email protected], [email protected]
Subject: Re: Do not see anything when using ls or dir on guest accounts
In-Reply-To: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

At 11:08 19.02.99 +0100, Martin Reinsprecht wrote:
>
> I am using wuftpd Version Beta 15 on a Linux System
>
>I tried to get up running guest ftp access. I used the guest howto to get
>this running.
>
>Logging in works fine for guest user but executing ls or dir shows nothing
>in the directory although there is something in.
>I can also upload doenload files and create and change directories
>
>nlist command shows directory contents up correctly
>
>i created a lib directory although not necessary for static links as i
>understand that group FAQ and a bin directory with static link on /bin/ls
>Using the ELF binaries i copied also ld.so.x into lib directory.
>
>Thanks in advance
>Martin R.

Yesterday I set up a WU-FTPd on a Solaris System, it was tricky enough for me.
Your problem is certainly that ls doesn't work within the guest chroot
environment.
Be aware that you must not use soft links to create the files in bin, etc,
dev and
usr within the guestusers home. Even for linked files the root will change.
As well it looks as if you did not copy all necessary libraries.

I will attach a listing of my copied libraries and devices, it may differ a
bit
as I use WUftp on Solaris.

# ls -lR
:
total 10
drwxr-xr-x 2 root other 512 Feb 19 11:12 bin
drwxr-xr-x 2 root other 512 Feb 19 11:21 dev
drwxr-xr-x 2 root other 512 Feb 19 11:22 etc
drwxr-xr-x 3 root other 512 Feb 19 11:25 usr

/bin:
total 36
---x--x--x 1 root other 17500 Feb 19 11:12 ls

/dev:
total 0
cr--r--r-- 1 root other 13, 2 Feb 19 11:21 null
cr--r--r-- 1 root other 11, 42 Feb 19 11:21 tcp
cr--r--r-- 1 root other 105, 1 Feb 19 11:21 ticoltsord
cr--r--r-- 1 root other 11, 41 Feb 19 11:21 udp
cr--r--r-- 1 root other 13, 12 Feb 19 11:21 zero

/etc:
total 4
-r--r--r-- 1 root other 61 Feb 19 11:23 group
-r--r--r-- 1 root other 158 Feb 19 11:23 passwd

/usr:
total 4
lrwxrwxrwx 1 root other 6 Feb 19 11:25 bin -> ../bin
drwxr-xr-x 2 root other 512 Feb 19 11:28 lib

/usr/lib:
total 4176
-rwxr-xr-x 1 root other 24576 Feb 19 11:26 ld.so
-rwxr-xr-x 1 root other 143968 Feb 19 11:26 ld.so.1
-rwxr-xr-x 1 root other 1013232 Feb 19 11:26 libc.so.1
-rwxr-xr-x 1 root other 4348 Feb 19 11:26 libdl.so.1
-rwxr-xr-x 1 root other 2468 Feb 19 11:26 libintl.so.1
-rwxr-xr-x 1 root other 19304 Feb 19 11:27 libmp.so.2
-rwxr-xr-x 1 root other 719592 Feb 19 11:27 libnsl.so.1
-rwxr-xr-x 1 root other 53656 Feb 19 11:27 libsocket.so.1
-rwxr-xr-x 1 root other 6708 Feb 19 11:27 libw.so.1
-rwxr-xr-x 1 root other 9804 Feb 19 11:28 nss_dns.so.1
-rwxr-xr-x 1 root other 27000 Feb 19 11:28 nss_files.so.1
-rwxr-xr-x 1 root other 30348 Feb 19 11:28 nss_nis.so.1
-rwxr-xr-x 1 root other 35772 Feb 19 11:28 nss_nisplus.so.1
-rwxr-xr-x 1 root other 10696 Feb 19 11:28 straddr.so.2

This configuration works for our system.

Karsten Koepp

******************************************************
Karsten Koepp [email protected]
SB Internet/Intranet www.lausitznet.de

LausitzNET Tel: 0355 / 355-1238
Lausitzer Str. 1-7 Fax: 0355 / 355-1400
03046 Cottbus

From [email protected] Fri Feb 19 05:02:51 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id FAA26811;
Fri, 19 Feb 1999 05:02:50 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id EAA29765;
Fri, 19 Feb 1999 04:59:30 -0600 (CST)
Received: from kohle.lausitz.net (kohle.lausitz.net [151.189.5.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id EAA31198
for <[email protected]>; Fri, 19 Feb 1999 04:52:58 -0600 (CST)
Received: from koepp.lausitz.net (lncb2n.lausitz.net [151.189.85.5])
by kohle.lausitz.net (Netscape Messaging Server 3.01) with SMTP
id AAA6703 for <[email protected]>;
Fri, 19 Feb 1999 11:55:11 +0100
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 11:54:35 +0100
Reply-To: [email protected]
Sender: [email protected]
From: "Karsten Koepp" <[email protected]>
To: [email protected]
Subject: Can't ftp as root
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I have a problem logging in as root via wu-ftpd ...

I get the following error:

Name (energie:koepp): root
331 Password required for root.
Password:
530 Login incorrect.
Login failed.

It certainly is the correct password. Every other user
can login, it is just root who gets the error. With
in.ftpd root can login as well.

things that i have checked:
the files passwd and group are o.k., the root shell is
included in /etc/shells.
There is no ftpusers file, and all files in the wuftpd-
directory are zero:

# cd /opt/WUftpd/etc/
# ls -l
total 726
-rw-r--r-- 1 root other 51 Feb 19 09:00 banner
-rw-r--r-- 1 bin bin 80 Feb 19 09:43 ftpaccess
-rwxr-xr-x 1 bin bin 357992 Jun 2 1997 ftpd
drwxr-xr-x 2 bin bin 512 Okt 13 19:21 ftpd-old
-rw-r--r-- 1 bin bin 0 Jun 2 1997 ftpgroups
-rw-r--r-- 1 bin bin 0 Jun 2 1997 ftphosts
-rw-r--r-- 1 bin bin 0 Jun 2 1997 ftpusers

the file ftpaccess is as follows:

class local real,guest *
guestgroup ftpguests
banner /opt/WUftpd/etc/banner

Is there any other file which is to be modified?

Thanks for your help
Karsten Koepp

******************************************************
Karsten Koepp [email protected]
SB Internet/Intranet www.lausitznet.de

LausitzNET Tel: 0355 / 355-1238
Lausitzer Str. 1-7 Fax: 0355 / 355-1400
03046 Cottbus

From [email protected] Fri Feb 19 05:09:46 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id FAA26862;
Fri, 19 Feb 1999 05:09:45 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id FAA29051;
Fri, 19 Feb 1999 05:05:59 -0600 (CST)
Received: from tolot.rema.co.at ([194.112.187.26])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id FAA15300
for <[email protected]>; Fri, 19 Feb 1999 05:04:43 -0600 (CST)
Received: by mail.linz.merlin.at with Internet Mail Service (5.5.2232.9)
id <FDYFM2KB>; Fri, 19 Feb 1999 12:04:24 +0100
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 12:04:23 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Martin Reinsprecht <[email protected]>
To: [email protected]
Subject: Thanks to all Problem solved there was a missing library
MIME-Version: 1.0
Content-Type: text/plain
X-Mailer: Internet Mail Service (5.5.2232.9)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I had a missing library in ~/lib

Thanks to all

----------------------------------------------------------------------------
---------
Dipl. Ing. Dr. Martin Reinsprecht
MERLIN Dienstleistungs- und Handels- GmbH
Durisolstrasse 7
A-4600 Wels
Tel +43 7242 777870
Fax +43 7242 7778717
http://www.merlin.at
mailto://[email protected]

From [email protected] Fri Feb 19 05:41:46 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id FAA27121;
Fri, 19 Feb 1999 05:41:45 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id FAA29729;
Fri, 19 Feb 1999 05:38:30 -0600 (CST)
Received: from mailhost.dircon.co.uk (mailhost.dircon.co.uk [194.112.32.65])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id FAA22320
for <[email protected]>; Fri, 19 Feb 1999 05:36:17 -0600 (CST)
Received: from ([194.164.165.9])
by mailhost.dircon.co.uk (8.9.1/8.8.7) with ESMTP id LAA13934
for <wu-ftpd%[email protected]>; Fri, 19 Feb 1999 11:36:16 GMT
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 11:36:13 +0000
Reply-To: [email protected]
Sender: [email protected]
From: Chris Heathcote <[email protected]>
To: [email protected]
Subject: Re: Can't ftp as root
In-Reply-To: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Sender: [email protected]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

At 11:54 am +0100 on 19/2/99, Karsten Koepp wrote:

> I have a problem logging in as root via wu-ftpd ...
>
> It certainly is the correct password. Every other user
> can login, it is just root who gets the error. With
> in.ftpd root can login as well.

*shudder*

You really really shouldn't be connecting as root; passwords are sent
as plaintext during FTP authentication, any packet sniffer could then
gain root access to your server.

It's better to create a new up/download area with it's own user (with
little/no privilidges), FTP stuff to/from it, and then telnet (if
this is the only shell access you have; far more secure to
install/use SSH than telnet) to the box as the user, then su to root.

c.
______________________________________________________
Chris Heathcote <Head> New Media
http://www.head-newmedia.com/ tel: +44(0)1717377579
http://www.head-space.org/ fax: +44(0)1717377971
______________________________________________________

From [email protected] Fri Feb 19 10:21:56 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA00279;
Fri, 19 Feb 1999 10:21:55 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA05181;
Fri, 19 Feb 1999 10:18:01 -0600 (CST)
Received: from apollo.gat.com (apollo.gat.com [192.5.166.20])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA26622
for <[email protected]>; Fri, 19 Feb 1999 10:16:11 -0600 (CST)
Received: from nt-usc (NT-USC.GAT.COM [192.5.166.179])
by apollo.gat.com (8.9.1/8.9.0) with SMTP id IAA16545;
Fri, 19 Feb 1999 08:15:56 -0800 (PST)
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 08:15:55 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Tony Warner <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: SUMMARY: wu-2.4.2-academ[BETA-18-VR13] & Digital C2 security
In-Reply-To: <[email protected]>
References: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Ok, I finally got this thing working. Thanks for the help!
It turns out that ftpd was looking in a different place for the
ftpaccess file. I had placed it in /usr/local/etc/ftpaccess,
and it was looking in /usr/local/lib/ftpd/ftpaccess.
I thought I had placed it in the default location (according to
some documentation I had read). Where does one configure
this path?

Anyway, thanks again.

Tony Warner

At 08:23 PM 2/18/99 -0500, Gregory A Lundberg wrote:
>On Thu, 18 Feb 1999, Tony Warner wrote:
>
>> If I start up ftpd in the inetd file normally, everything works great.
>> However, if I add the -a at the end to enable the extended features,
>> no logins are accepted. The server allows access by real and
>> anonymous users, but the login attempt fails with a "Login incorrect"
>> message.
>>
>> my inetd.conf line looks like this:
>>
>> ftp stream tcp nowait root /usr/sbin/ftpd ftpd -a
>>
>> What am I missing?
>
>First, check that you're running the VR version. The greeting will assure
>you of that. If it's not the VR version, kill -HUP inetd and check again.
>If it's still not, the /usr/sbin/ftpd program is the wrong one.
>
>Next, check that the access file is being used. Add the following line at
>the top:
>
>greeting brief
>
>and log into FTP again. The greeting you see should be much reduced. If
>it's not, run ckconfig and see if it complains about anything;
>specifically about not being able to find ftpaccess.
>
>Finally, watch the system logs when you attempt to login to ftp. If you
>don't see anything, check your /etc/syslog.conf (or equivalent) to ensure
>you're sending everything _somewhere_.
>
>If the daemon isn't dying with a signal, all login failures are logged to
>the system log with the specific reason.
>
>--
>
>Gregory A Lundberg Senior Partner, VRnet Company
>1441 Elmdale Drive [email protected]
>Kettering, OH 45409-1615 USA 1-800-809-2195
>
>

*********************************************************************
Tony Warner [email protected]
General Atomics (619) 455-4285

*********************************************************************

From [email protected] Fri Feb 19 10:40:33 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA00473;
Fri, 19 Feb 1999 10:40:32 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA10782;
Fri, 19 Feb 1999 10:37:00 -0600 (CST)
Received: from post.mail.demon.net (finch-post-10.mail.demon.net [194.217.242.38])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA08988
for <[email protected]>; Fri, 19 Feb 1999 10:30:34 -0600 (CST)
Received: from [194.222.222.232] (helo=t-s-l.demon.co.uk)
by post.mail.demon.net with smtp (Exim 2.12 #1)
id 10Dsoy-0006Pn-00
for [email protected]; Fri, 19 Feb 1999 16:30:32 +0000
Received: by t-s-l.demon.co.uk with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62)
id <[email protected]>; Fri, 19 Feb 1999 16:30:33 -0000
Message-Id: <c=US%a=_%p=TSL%[email protected]>
Date: Fri, 19 Feb 1999 16:30:33 -0000
Reply-To: [email protected]
Sender: [email protected]
From: Mark Francis <[email protected]>
To: "'[email protected]'" <[email protected]>,
"'[email protected]'" <[email protected]>
Cc: "'[email protected]'" <[email protected]>
Subject: RE: SUMMARY: wu-2.4.2-academ[BETA-18-VR13] & Digital C2 security
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

To change the path edit ~src/pathnames.h & recompile your ftpd.
Cheers,
Mark Francis
Analyst/Programmer
Teamwork Solutions Ltd
Phone: +44(0) 161 228 2286
Fax: +44(o) 161 228 2900
Email: [email protected]
Web: http://teamwork-solutions.com

-----Original Message-----
From: Tony Warner [SMTP:[email protected]]
Sent: 19 February 1999 08:16
To: [email protected]
Cc: [email protected]
Subject: SUMMARY: wu-2.4.2-academ[BETA-18-VR13] & Digital C2 security

Ok, I finally got this thing working. Thanks for the help!
It turns out that ftpd was looking in a different place for the
ftpaccess file. I had placed it in /usr/local/etc/ftpaccess,
and it was looking in /usr/local/lib/ftpd/ftpaccess.
I thought I had placed it in the default location (according to
some documentation I had read). Where does one configure
this path?

Anyway, thanks again.

Tony Warner

At 08:23 PM 2/18/99 -0500, Gregory A Lundberg wrote:
>On Thu, 18 Feb 1999, Tony Warner wrote:
>
>> If I start up ftpd in the inetd file normally, everything works great.
>> However, if I add the -a at the end to enable the extended features,
>> no logins are accepted. The server allows access by real and
>> anonymous users, but the login attempt fails with a "Login incorrect"
>> message.
>>
>> my inetd.conf line looks like this:
>>
>> ftp stream tcp nowait root /usr/sbin/ftpd ftpd -a
>>
>> What am I missing?
>
>First, check that you're running the VR version. The greeting will assure
>you of that. If it's not the VR version, kill -HUP inetd and check again.
>If it's still not, the /usr/sbin/ftpd program is the wrong one.
>
>Next, check that the access file is being used. Add the following line at
>the top:
>
>greeting brief
>
>and log into FTP again. The greeting you see should be much reduced. If
>it's not, run ckconfig and see if it complains about anything;
>specifically about not being able to find ftpaccess.
>
>Finally, watch the system logs when you attempt to login to ftp. If you
>don't see anything, check your /etc/syslog.conf (or equivalent) to ensure
>you're sending everything _somewhere_.
>
>If the daemon isn't dying with a signal, all login failures are logged to
>the system log with the specific reason.
>
>--
>
>Gregory A Lundberg Senior Partner, VRnet Company
>1441 Elmdale Drive [email protected]
>Kettering, OH 45409-1615 USA 1-800-809-2195
>
>

*********************************************************************
Tony Warner [email protected]
General Atomics (619) 455-4285

*********************************************************************

From [email protected] Fri Feb 19 10:41:40 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA00496;
Fri, 19 Feb 1999 10:41:39 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA10016;
Fri, 19 Feb 1999 10:38:07 -0600 (CST)
Received: from nuinfo.nwu.edu ([email protected] [129.105.212.72])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA01677
for <[email protected]>; Fri, 19 Feb 1999 10:33:26 -0600 (CST)
Received: (from lunde@localhost)
by nuinfo.nwu.edu (8.8.8/8.8.8) id KAA14041;
Fri, 19 Feb 1999 10:33:03 -0600 (CST)
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 10:33:02 CST
Reply-To: [email protected] (Albert Lunde)
Sender: [email protected]
From: [email protected] (Albert Lunde)
To: [email protected]
Subject: Re: SUMMARY: wu-2.4.2-academ[BETA-18-VR13] & Digital C2 security
In-Reply-To: <[email protected]>; from "Tony Warner" at Feb 19, 99 8:15 am
X-Sender: [email protected] (Albert Lunde)
X-Mailer: Elm [revision: 212.4]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> It turns out that ftpd was looking in a different place for the
> ftpaccess file. I had placed it in /usr/local/etc/ftpaccess,
> and it was looking in /usr/local/lib/ftpd/ftpaccess.
> I thought I had placed it in the default location (according to
> some documentation I had read). Where does one configure
> this path?

The paths can be configured by defining and undefining symbols
in src/config/config.xxx (where xxx is your architecture code).

In more extreme cases (as when I wanted to use totally different
cases for testing) on can edit src/pathnames.h directly
(which is where the conditional options for various commonly
used path locations are defined.)

For what it's worth, this is my favorite idiom for checking
for file paths in a binary:
= =
% strings /local-adm/bin/ftpd | egrep '/[a-z]+/' | sort -u
/bin/cksum
/bin/csh
/bin/ftp-exec
/bin/ls
/bin/ls -la
/bin/md5sum
/bin/sh
/dev/null
/etc/shells
/usr/bin/sh
/usr/lib/dld.sl
/usr/local/lib/ftpd/ftpaccess
/usr/local/lib/ftpd/ftpconversions
/usr/local/lib/ftpd/ftpgroups
/usr/local/lib/ftpd/ftphosts
/usr/local/lib/ftpd/ftpusers
/var/adm/wtmp
/var/adm/xferlog
/var/pid/ftp.pids-%s
/var/pid/ftpd.pid
FTP LOGIN REFUSED (ftp not in /etc/passwd) FROM %s, %s
= =

--
Albert Lunde [email protected]

From [email protected] Fri Feb 19 11:19:53 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA00954;
Fri, 19 Feb 1999 11:19:52 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA18700;
Fri, 19 Feb 1999 11:16:05 -0600 (CST)
Received: from sb2inet2.dowjones.com (firewall-user@[207.78.107.3])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA10672
for <[email protected]>; Fri, 19 Feb 1999 11:12:56 -0600 (CST)
Received: by sb2inet2.dowjones.com; id MAA26132; Fri, 19 Feb 1999 12:12:40 -0500
Received: from wsj.dowjones.com(143.131.186.4) by sb2inet2.sb2inet2.dowjones.com via smap (3.2)
id xma026104; Fri, 19 Feb 99 12:12:28 -0500
Received: from wsj.dowjones.com by wsj.wsj.dowjones.com (8.8.8+Sun/SMI-SVR4)
id MAA13986; Fri, 19 Feb 1999 12:12:36 -0500 (EST)
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 12:14:09 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Elaine Mele <[email protected]>
To: [email protected]
Subject: Problems with getting upload to work using wu-2.4.2-academ[BETA-18-VR14]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.5 [en] (X11; U; SunOS 5.6 sun4m)
X-Accept-Language: sv
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I am configure wu-2.4.2-academ[BETA-18-VR14] on a Solaris 2.6 system. I
see that my /etc/ftpaccess file is being read as the welcome message is
displayed when I log on as my test user. My problem is that the upload
parameters are not working. When I upload a file it read:

-rw-r--r-- 1 500 1 52 Feb 19 16:50 motd

The permissions should be rw-r---- with an owner of ftptest (it's not
converting the uid to the name) and a group of guests (1000).

Any help is appreciated. I need to fix this as soon as possible.

The user "ftptest" is configured in /etc/passwd and /ftp/FTP/etc/passwd
as follows:

ftptest:x:500:1::/ftp/FTP/./ftptest:/etc/ftponly

The group permissions are as follows:

guests::1000:newuser,ftptest

The permission set are those in the inetd.conf file:

ftp stream tcp nowait root /usr/sbin/ftpd ftpd -ldioa
-t300 -u 022

My ftpaccess file is as follows:

class local real *
class anon anonymous *
class guest guest *

guestgroup guests

readme README* login
readme README cwd=*

message /etc/welcome login anon
message /etc/welcome.vendor cwd=/vendor anon
message /etc/welcome.local login guest

log commands real,guest,anonymous
log transfers anonymous,guest,real inbound,outbound

path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-

upload /ftp/FTP * no

upload /ftp/FTP /ftptest yes ftptest guests 0640
upload /ftp/FTP /ftptest/* yes root daemon 0600

From [email protected] Fri Feb 19 11:38:43 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA01122;
Fri, 19 Feb 1999 11:38:42 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA03995;
Fri, 19 Feb 1999 11:35:17 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA10198
for <[email protected]>; Fri, 19 Feb 1999 11:34:10 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id MAA07056;
Fri, 19 Feb 1999 12:32:44 -0500
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 12:32:44 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Elaine Mele <[email protected]>
Cc: [email protected]
Subject: Re: Problems with getting upload to work using
wu-2.4.2-academ[BETA-18-VR14]
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

My Tao of Uploads was posted yesterday. I'll just tell you how to fix
this ...

On Fri, 19 Feb 1999, Elaine Mele wrote:

> ftptest:x:500:1::/ftp/FTP/./ftptest:/etc/ftponly

> upload /ftp/FTP * no
> upload /ftp/FTP /ftptest yes ftptest guests 0640
> upload /ftp/FTP /ftptest/* yes root daemon 0600

upload /ftp/FTP/ftptest * no
upload /ftp/FTP/ftptest /ftptest yes ftptest guests 0640
upload /ftp/FTP/ftptest /ftptest/* yes root daemon 0600

Oh dear! Do you really intend to provide root shell-level access to
everyone on the Internet? Maybe you'd better change the ownerships on
that last line .. RIGHT NOW.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 19 11:41:15 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA01158;
Fri, 19 Feb 1999 11:41:14 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA10984;
Fri, 19 Feb 1999 11:37:38 -0600 (CST)
Received: from ueitm1.unisourcelink.com ([38.149.121.67])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA29141
for <[email protected]>; Fri, 19 Feb 1999 11:34:56 -0600 (CST)
Received: by UEITM1 with Internet Mail Service (5.5.1960.3)
id <1V0ZAM84>; Fri, 19 Feb 1999 12:39:10 -0500
Message-Id: <6BEE6C82D85BD211B4E700805F85A25D329667@PHLWAYM1>
Date: Fri, 19 Feb 1999 12:34:01 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Elliott, Don (Exton, PA)" <[email protected]>
To: "'[email protected]'" <[email protected]>
Cc: "'[email protected]'" <[email protected]>
Subject: RE: BeroFTPD-1.3.2 configure question
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="---- =_NextPart_001_01BE5C2E.BCFF05D0"
X-Mailer: Internet Mail Service (5.5.1960.3)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------ =_NextPart_001_01BE5C2E.BCFF05D0
Content-Type: text/plain

James,

I'm coming up with the same exact error message that you are when
running "configure" for BeroFTPD-1.3.2:

"checking how to determine wtmpx file... configure: error: Cannot find
out how to
locate wtmpx file. Contact [email protected]."

Have you been able to get by this problem yet? I'm using GCC-2.8.1 and
the exact same configure switches that you did...

If you have any ideas on how to get around this, I would be most
appreciative...

Regards,

Don Elliott

**************************************************
Don Elliott
UNIX Analyst
Unisource Worldwide Inc.
[email protected]
610.280.5838

------ =_NextPart_001_01BE5C2E.BCFF05D0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.1960.3">
<TITLE>RE: BeroFTPD-1.3.2 configure question</TITLE>
</HEAD>
<BODY>

James,


I'm coming up with the same exact =
error message that you are when running "configure" for =
BeroFTPD-1.3.2:


"checking how to determine =
wtmpx file... configure: error: Cannot find out how to
 locate wtmpx file. Contact =
[email protected]."


Have you been able to get by this =
problem yet? I'm using GCC-2.8.1 and the exact same configure switches =
that you did...

If you have any ideas on how to get =
around this, I would be most appreciative...


Regards,


Don Elliott


**************************************************</FON=
T>
 Don Elliott
 UNIX Analyst
 Unisource Worldwide Inc.
 [email protected]
 610.280.5838


</BODY>
</HTML>
------ =_NextPart_001_01BE5C2E.BCFF05D0--

From [email protected] Fri Feb 19 12:50:34 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA02059;
Fri, 19 Feb 1999 12:50:33 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA30513;
Fri, 19 Feb 1999 12:46:27 -0600 (CST)
Received: from sb2inet2.dowjones.com (firewall-user@[207.78.107.3])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA32169
for <[email protected]>; Fri, 19 Feb 1999 12:43:36 -0600 (CST)
Received: by sb2inet2.dowjones.com; id NAA11241; Fri, 19 Feb 1999 13:43:23 -0500
Received: from wsj.dowjones.com(143.131.186.4) by sb2inet2.sb2inet2.dowjones.com via smap (3.2)
id xma011225; Fri, 19 Feb 99 13:43:17 -0500
Received: from wsj.dowjones.com by wsj.wsj.dowjones.com (8.8.8+Sun/SMI-SVR4)
id NAA21731; Fri, 19 Feb 1999 13:43:26 -0500 (EST)
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 13:45:00 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Elaine Mele <[email protected]>
To: [email protected], [email protected]
Subject: Re: Problems with getting upload to work
usingwu-2.4.2-academ[BETA-18-VR14]
References: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.5 [en] (X11; U; SunOS 5.6 sun4m)
X-Accept-Language: sv
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Gregory,

That's and interesting fix. Our current ftp server allows you to not
allow at the chroot level (/ftp/FTP), which is my intension as we have
many accounts I need to set up. As to the root being used, it's for test
purposes only. I'm still not getting the name/uid translation and I
don't know why. If you have an answer to that part of the question, it
will help greatly.

Elaine

Gregory A Lundberg wrote:

> My Tao of Uploads was posted yesterday. I'll just tell you how to fix
> this ...
>
> On Fri, 19 Feb 1999, Elaine Mele wrote:
>
> > ftptest:x:500:1::/ftp/FTP/./ftptest:/etc/ftponly
>
> > upload /ftp/FTP * no
> > upload /ftp/FTP /ftptest yes ftptest guests 0640
> > upload /ftp/FTP /ftptest/* yes root daemon 0600
>
> upload /ftp/FTP/ftptest * no
> upload /ftp/FTP/ftptest /ftptest yes ftptest guests 0640
> upload /ftp/FTP/ftptest /ftptest/* yes root daemon 0600
>
> Oh dear! Do you really intend to provide root shell-level access to
> everyone on the Internet? Maybe you'd better change the ownerships on
> that last line .. RIGHT NOW.
>
> --
>
> Gregory A Lundberg Senior Partner, VRnet Company
> 1441 Elmdale Drive [email protected]
> Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 19 13:02:33 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA02195;
Fri, 19 Feb 1999 13:02:33 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA27710;
Fri, 19 Feb 1999 12:59:04 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA07403
for <[email protected]>; Fri, 19 Feb 1999 12:57:04 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id NAA08439;
Fri, 19 Feb 1999 13:56:00 -0500
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 13:56:00 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Elaine Mele <[email protected]>
Cc: [email protected]
Subject: Re: Problems with getting upload to work
usingwu-2.4.2-academ[BETA-18-VR14]
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 19 Feb 1999, Elaine Mele wrote:

> That's and interesting fix. Our current ftp server allows you to not
> allow at the chroot level (/ftp/FTP), which is my intension as we have
> many accounts I need to set up. As to the root being used, it's for
> test purposes only. I'm still not getting the name/uid translation
> and I don't know why. If you have an answer to that part of the
> question, it will help greatly.

On root ownership of uploaded files: OK, but don't forget it's there.
That's a VERY hot potato you're playing with.

On your old ftpaccess upload clauses: I doubt they worked like you thought
they did, if at all. If you have 'many accounts', I know they didn't and
you just never noticed.

Part of the goal of the VR updates was to make it a lot easier to manage a
site with a lot of guest users; like I have here. A well-done upload
system was needed. The older versions didn't get it right. It seemed to
me that it used to be right, but I never bothered to go look for when it
broke; I just fixed it.

If you're not getting uid/name translation, that's probably because you
don't have ~ftp/etc/passwd and/or ~ftp/etc/group with those names in them.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 19 13:47:48 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA02761;
Fri, 19 Feb 1999 13:47:47 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA31235;
Fri, 19 Feb 1999 13:44:21 -0600 (CST)
Received: from krjda.com (webserver.krjda.com [204.249.105.134] (may be forged))
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA24613
for <[email protected]>; Fri, 19 Feb 1999 13:43:26 -0600 (CST)
Received: from krjda.com [204.249.105.150] by krjda.com
with Novonyx SMTP Server $Revision: 1.76 $; Fri, 19 Feb 1999 14:39:30 -0500 (EDT)
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 14:39:29 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Bill Delphenich <[email protected]>
To: WU-FTPD <[email protected]>
Subject: Can't delete files
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.5 [en] (Win95; I)
X-Accept-Language: de-DE
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I am using the GUESTGROUP feature to allow FTP users to upload and
download files into specific directories on our server. That is all
working fine. However the user is not able to delete his own file from
the server. I have played around with the UPLOAD entry in /etc/ftpaccess
but I can't get it to work.

A typical entry in /etc/ftpaccess for a user is:
upload /home/ftp /pub/9101 yes joebuck ftponly 770 nodirs

What am I missing? How can I let these people delete files?

Thanks for any assistance.

From [email protected] Fri Feb 19 14:00:36 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA02945;
Fri, 19 Feb 1999 14:00:35 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA11744;
Fri, 19 Feb 1999 13:57:10 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA13399
for <[email protected]>; Fri, 19 Feb 1999 13:55:29 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id OAA09426;
Fri, 19 Feb 1999 14:55:23 -0500
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 14:55:23 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Bill Delphenich <[email protected]>
Cc: WU-FTPD <[email protected]>
Subject: Re: Can't delete files
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 19 Feb 1999, Bill Delphenich wrote:

> I am using the GUESTGROUP feature to allow FTP users to upload and
> download files into specific directories on our server. That is all
> working fine. However the user is not able to delete his own file from
> the server. I have played around with the UPLOAD entry in
> /etc/ftpaccess but I can't get it to work.
>
> A typical entry in /etc/ftpaccess for a user is:
> upload /home/ftp /pub/9101 yes joebuck ftponly 770 nodirs
>
> What am I missing? How can I let these people delete files?

check the 'delete' clause in your ftpaccess.

if they get a message 'denied (delete)', that's the reason.

if they get a message 'permissions', check the _directory_ permissions and
owernships

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 19 14:06:56 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA03030;
Fri, 19 Feb 1999 14:06:55 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA31527;
Fri, 19 Feb 1999 14:03:31 -0600 (CST)
Received: from nis.acs.uci.edu (nis.acs.uci.edu [128.200.16.34])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA03029
for <[email protected]>; Fri, 19 Feb 1999 14:02:42 -0600 (CST)
Received: from nis.acs.uci.edu (bingy.acs.uci.edu [128.200.34.36]) by nis.acs.uci.edu (8.8.8/) with ESMTP id MAA16431; Fri, 19 Feb 1999 12:02:07 -0800 (PST)
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 12:02:00 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Dan Stromberg <[email protected]>
To: [email protected]
Cc: "'[email protected]'" <[email protected]>,
"'[email protected]'" <[email protected]>
Subject: beroftpd, wtmpx and upload directories
References: <6BEE6C82D85BD211B4E700805F85A25D329667@PHLWAYM1>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.5 [en] (X11; I; SunOS 5.7 sun4u)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I had this same problem with BeroFTPD 1.2.3 on OSF/1.

Here are my notes to myself for when I need to recompile this again:

On OSF/1, I had to manually change all occurences of _PATH_WTMPX to
"/var/adm/wtmp" and I had to #if NEVER the stuff in logwtmp.c.

This produced a version of beroftpd that doesn't do wtmp logging like
one would hope, but it seems basically functional.

However, we've been having problems configuring upload directories using
BeroFTPD across the board: sun, linux, sgi and dec. They all say
"permission denied" when I try to put a file.

One of the ftpaccess files looks like:

class all real,guest,anonymous *

limit all 10 Any /etc/msgs/msg.dead

readme README* login
readme README* cwd=*

message /welcome.msg login
message .message cwd=*

compress yes local remote
tar yes local remote

log commands real
log transfers anonymous,real inbound,outbound

shutdown /etc/shutmsg

email [email protected]
path-filter anonymous /etc/paths.msg ^[-A-Za-z0-9\._]*$ ^\. ^-
upload /c1t4/anon-ftp * no
upload /c1t4/anon-ftp /pub/incoming yes root daemon 0400
nodirs
guestgroup sunpat

A truss during a "put foo" attempt shows:

9668: read(0, " S T O R f o o\r\n", 8192) = 10
9668: alarm(0) = 900
9668: time() = 919454387
9668: open(".", O_RDONLY) Err#13 EACCES

Do I need to make the incoming directory writable by the ftp user?
ISTR a CERT advisory that recommended against making any of the chroot'd
files owned by user ftp.

Anyone have any suggestions?

"Elliott, Don (Exton, PA)" wrote:

>
>
> James,
>
> I'm coming up with the same exact error message that you are when
> running "configure" for BeroFTPD-1.3.2:
>
> "checking how to determine wtmpx file... configure: error: Cannot find
> out how to
> locate wtmpx file. Contact [email protected]."
>
> Have you been able to get by this problem yet? I'm using GCC-2.8.1 and
> the exact same configure switches that you did...
>
> If you have any ideas on how to get around this, I would be most
> appreciative...
>
> Regards,
>
> Don Elliott
>
> **************************************************
> Don Elliott
> UNIX Analyst
> Unisource Worldwide Inc.
> [email protected]
> 610.280.5838

From [email protected] Fri Feb 19 14:19:49 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA03228;
Fri, 19 Feb 1999 14:19:48 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA23053;
Fri, 19 Feb 1999 14:16:21 -0600 (CST)
Received: from lulu.acns.nwu.edu (lulu.acns.nwu.edu [129.105.16.54])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA03744
for <[email protected]>; Fri, 19 Feb 1999 14:11:28 -0600 (CST)
Received: (from mailnull@localhost)
by lulu.acns.nwu.edu (8.8.7/8.8.7) id OAA27895;
Fri, 19 Feb 1999 14:11:17 -0600 (CST)
Received: from socrates.tss.nwu.edu(129.105.110.129) by lulu.acns.nwu.edu via smap (V2.0)
id xma026978; Fri, 19 Feb 99 14:09:17 -0600
Message-Id: <v03110700b2f37478b5fc@[129.105.110.129]>
Date: Fri, 19 Feb 1999 14:09:05 -0600
Reply-To: [email protected]
Sender: [email protected]
From: Albert Lunde <[email protected]>
To: [email protected]
Subject: RE: BeroFTPD-1.3.2 configure question
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected] (Unverified)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

>I'm coming up with the same exact error message that you are when
>running "configure" for BeroFTPD-1.3.2:
>
>"checking how to determine wtmpx file... configure: error: Cannot find
>out how to
>locate wtmpx file. Contact [email protected]."
>
>Have you been able to get by this problem yet? I'm using GCC-2.8.1 and
>the exact same configure switches that you did...

This sounds like a problem I had on HP/UX which I tried to report recently
to [email protected], but which may not have gotten thru
because of DNS trouble.

>Subject: problems with building BeroFTPD-1.3.3 on HP/UX 10.20
>I'm sending this report to document what I see as two problems with your
>"configure" script.
>
>First, HP/UX 10.20 seems to have a quirk. It has a header file umptx.h, and
>it has a file /var/adm/wtmpx:
>
>>pubweb 39# ls -ld /var/adm/wtmp*
>>-rw-r--r-- 1 adm adm 127701840 Feb 13 17:08 /var/adm/wtmp
>>-rw-r--r-- 1 root sys 280 Dec 31 19:30 /var/adm/wtmpx
>
>But the only time /var/adm/wtmpx seems to be updated is at system reboot: I
>can't find any commands that do anything to it. And there is nothing in the
>header files that defines a symbol for its location:
>
>>pubweb 41# egrep -in wtmp /usr/include/*.h /usr/include/sys/*.h | egrep
>>define
>>/usr/include/utmp.h:18:#define WTMP_FILE "/var/adm/wtmp"
>>pubweb 42#
>
>This causes the error below:
>
>>checking how to determine wtmpx file... configure: error: Cannot find out
>>how to
>> locate wtmpx file. Contact [email protected].
>
>I worked around this bug by deleting the test for "utmpx.h" from the long
>list of header file tests: this seems to produce results as if the test had
>failed.
>
>>pubweb 48# diff configure.dist configure
>>3135c3135
>>< for ac_hdr in unistd.h stdlib.h fcntl.h dirent.h ftw.h regex.h shadow.h
>>grp.h
>>alloca.h sys/termio.h sys/statvfs.h sys/statfs.h sys/vfs.h
>>sys/systeminfo.h sysl
>>og.h sys/syslog.h sys/param.h limits.h values.h bsd/bsd.h posix1_lim.h
>>xopen_lim
>>.h confname.h sys/file.h utmpx.h sac.h strings.h string.h memory.h ndir.h
>>sys/nd
>>ir.h sys/dir.h config.h libgen.h arpa/ftp.h
>>---
>>> for ac_hdr in unistd.h stdlib.h fcntl.h dirent.h ftw.h regex.h shadow.h
>>>grp.h
>>alloca.h sys/termio.h sys/statvfs.h sys/statfs.h sys/vfs.h
>>sys/systeminfo.h sysl
>>og.h sys/syslog.h sys/param.h limits.h values.h bsd/bsd.h posix1_lim.h
>>xopen_lim
>>.h confname.h sys/file.h sac.h strings.h string.h memory.h ndir.h
>>sys/ndir.h sys
>>/dir.h config.h libgen.h arpa/ftp.h
>>pubweb 49#
>
>Another problem is that to get the HP ANSI compiler to work in ANSI mode,
>an extra parameter is required: "-Aa" or "-Ae" ("-Ae" is preferred because
>it also turns on a bunch of symbol definitions). The autodetection scheme
>seems to be unable to figure this out, and there isn't a clearly documented
>way to override things like this. It turned out that I _could_ override it
>by defining CFLAGS when I ran configure, but this is not obvious.
>
>The errors this caused looked like this:
>> (cd support ; make all)
>> cc -g -c -o authuser.o authuser.c
>>cc: "authuser.c", line 36: error 1705: Function prototypes are an ANSI
>>feature.
>>cc: "authuser.c", line 50: error 1705: Function prototypes are an ANSI
>>feature.
>>cc: "authuser.c", line 71: error 1705: Function prototypes are an ANSI
>>feature.
>>cc: "authuser.c", line 100: error 1705: Function prototypes are an ANSI
>>feature.
>>*** Error exit code 1
>
>
>This is what I used to actually compile it (with configure hacked as above
>for the utmpx.h problem):
>
>>pubweb 53# cat my.configure
>>#!/usr/bin/csh -vx
>>setenv CFLAGS "-Ae"
>>nohup ./configure --prefix=/local-adm \
>> --with-confdir=/usr/local/lib/test-ftpd \
>> --with-logdir=/var/adm/test-ftpd \
>> --with-piddir=/var/test-pid \
>> >& my.configure.out.$$ &
>>#
>>ps -f
>>#
>>ls -la my.configure.out.$$
>>#
>>pubweb 54#
>
>The various directory values represent local practice and stuff for
>testing, not anything required by the OS.

---
Albert Lunde [email protected]

From [email protected] Fri Feb 19 14:26:29 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA03316;
Fri, 19 Feb 1999 14:26:28 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA02493;
Fri, 19 Feb 1999 14:22:52 -0600 (CST)
Received: from gate-sl1.mdli.com (ns2.mdli.com [208.200.221.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA02095
for <[email protected]>; Fri, 19 Feb 1999 14:19:31 -0600 (CST)
Received: (from smap@localhost)
by gate-sl1.mdli.com (8.8.8/8.8.8) id MAA22127
for <[email protected]>; Fri, 19 Feb 1999 12:10:42 -0800 (PST)
Received: from puffin.mdli.com(191.254.19.10) by gate-sl1.mdli.com via smap (V2.1)
id xma022123; Fri, 19 Feb 99 12:10:38 -0800
Received: from hawk.mdli.com by puffin.mdli.com (8.8.5/BCH1.0)
id MAA21355; Fri, 19 Feb 1999 12:18:56 -0800 (PST)
Received: by hawk.mdli.com (980427.SGI.8.8.8/930416.SGI.AUTO)
for [email protected] id MAA33235; Fri, 19 Feb 1999 12:18:55 -0800 (PST)
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 12:18:55 -0800
Reply-To: [email protected]
Sender: [email protected]
From: "David Mostardi" <[email protected]>
To: [email protected]
Subject: Autogroup not working
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Z-Mail (3.2.3 08feb96 MediaMail)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I want internal anonymous users to autogroup to "mdluser",
who then have permission to write to directory /pub.
But I get the error "Permission denied. (Upload)", which
leads me to believe that the autogroup is not happening.

Have I made any obvious errors? I am testing from within
one of the <addrglob>s listed.

ftpaccess
---------
class mdl-anon anonymous 172.15.0.0 172.16.0.0 172.17.0.0 172.18.0.0
autogroup mdluser mdl-anon

upload /usr/ftp * no
upload /usr/ftp /upload yes mdluser mdluser 0660 dirs
upload /usr/ftp /pub yes mdluser mdluser 0664 dirs

/etc/passwd
-----------
mdluser:*:801:801:MDL User:/usr/ftp/./pub:/dev/null

ls -l /usr/ftp
--------------
dr-xr-xr-x 2 root sys 512 Jul 23 1998 bin/
dr-xr-xr-x 2 root sys 512 Jul 23 1998 dev/
dr-xr-xr-x 3 root sys 512 Feb 12 11:14 etc/
dr-xr-xr-x 2 root sys 512 Jul 23 1998 lib/
dr-xr-xr-x 2 root sys 512 Feb 9 12:04 lib32/
drwxrwxr-x 2 mdluser mdluser 4096 Feb 16 11:43 pub/
drwxrwxr-x 2 ftp ftp 512 Feb 16 11:43 upload/

Many thanks,
------------------------------------------------------------------------
David Mostardi Web: http://www.mdli.com
Unix Systems Manager Email: [email protected]
MDL Information Systems, Inc. Voice: (510) 357-2222 x1420
14600 Catalina St., San Leandro CA 94577 Fax: (510) 352-2870

-- "When in danger or in doubt, run in circles, scream and shout"

From [email protected] Fri Feb 19 15:25:14 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA04055;
Fri, 19 Feb 1999 15:25:13 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA10195;
Fri, 19 Feb 1999 15:21:32 -0600 (CST)
Received: from wildman.derelicts.priv ([206.100.141.203])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA29776
for <[email protected]>; Fri, 19 Feb 1999 15:18:26 -0600 (CST)
Received: from wildman.derelicts.priv (greg@localhost [127.0.0.1])
by wildman.derelicts.priv (8.8.7/8.8.7) with SMTP id PAA00642
for <[email protected]>; Fri, 19 Feb 1999 15:19:13 -0600
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 15:16:14 -0600
Reply-To: [email protected]
Sender: [email protected]
From: wildman <[email protected]>
To: [email protected]
Subject: Please help me compile for virtual ftp.
Content-Type: text/plain
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Mailer: KMail [version 1.1.0]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I am sorry I am slow but I can not find where to put
the -DVIRTUAL

Can someone please help me?
I am on a Redhat linux 5.2 system.
I have the source from the srpms directory of the distribution cd.

I have looked through the Makefile.lnx and I do not see any place
to put the stuff..

Sorry

From [email protected] Fri Feb 19 15:56:45 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA04438;
Fri, 19 Feb 1999 15:56:44 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA15400;
Fri, 19 Feb 1999 15:53:12 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA29993
for <[email protected]>; Fri, 19 Feb 1999 15:50:57 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id QAA10805;
Fri, 19 Feb 1999 16:50:53 -0500
Message-Id: <[email protected]>
Date: Fri, 19 Feb 1999 16:50:53 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: wildman <[email protected]>
Cc: [email protected]
Subject: Re: Please help me compile for virtual ftp.
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 19 Feb 1999, wildman wrote:

> I am sorry I am slow but I can not find where to put the -DVIRTUAL
>
> Can someone please help me? I am on a Redhat linux 5.2 system. I have
> the source from the srpms directory of the distribution cd.
>
> I have looked through the Makefile.lnx and I do not see any place to
> put the stuff..

just instal the rpm, virtual mode is already compiled in.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Sat Feb 20 13:19:59 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA02529;
Sat, 20 Feb 1999 13:19:58 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA15474;
Sat, 20 Feb 1999 13:15:05 -0600 (CST)
Received: from mail-atm.nycap.rr.com ([email protected] [24.92.32.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA01435
for <[email protected]>; Sat, 20 Feb 1999 13:11:04 -0600 (CST)
Received: from yua2.nycap.rr.com (cisco-56-184.nycap.rr.com [24.92.56.184])
by mail-atm.nycap.rr.com (8.9.1/8.9.1) with SMTP id OAA09297
for <[email protected]>; Sat, 20 Feb 1999 14:11:00 -0500 (EST)
Message-Id: <[email protected]>
Date: Sat, 20 Feb 1999 14:12:04 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Alex Yu <[email protected]>
To: [email protected]
Subject: Hack into wu-ftpd
In-Reply-To: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi,

I want to know any possibile ways to hack into wu-ftpd.

Alex

From [email protected] Sat Feb 20 14:08:30 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA03044;
Sat, 20 Feb 1999 14:08:29 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA25516;
Sat, 20 Feb 1999 14:05:09 -0600 (CST)
Received: from suan.sk.ac.th ([email protected] [203.151.240.4])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA08198
for <[email protected]>; Sat, 20 Feb 1999 14:01:00 -0600 (CST)
Received: from localhost (11738266@localhost)
by suan.sk.ac.th (8.8.8/8.8.8) with ESMTP id DAA27284
for <[email protected]>; Sun, 21 Feb 1999 03:03:05 +0700
Message-Id: <[email protected]>
Date: Sun, 21 Feb 1999 03:03:05 +0700 (ICT)
Reply-To: [email protected]
Sender: [email protected]
From: Teeradetch Nawasuttipong <[email protected]>
To: [email protected]
Subject: can't ftp as root and problem about ftpwho
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I compiled wu-ftpd 2.8.2 beta 18 VR14 on RedHat Linux 5.2
and I found that I can't ftp to server as root. How can I solve it?

And problem about ftpwho is when I use it, it can only display one line
per connection so I can't see detail about file that connection is
downloading. How can I solve it ?

Thank you very much.

From [email protected] Sat Feb 20 15:00:40 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA03491;
Sat, 20 Feb 1999 15:00:39 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA07335;
Sat, 20 Feb 1999 14:57:18 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA26412
for <[email protected]>; Sat, 20 Feb 1999 14:51:19 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id PAA19535;
Sat, 20 Feb 1999 15:50:22 -0500
Message-Id: <[email protected]>
Date: Sat, 20 Feb 1999 15:50:21 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Teeradetch Nawasuttipong <[email protected]>
Cc: [email protected]
Subject: Re: can't ftp as root and problem about ftpwho
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Sun, 21 Feb 1999, Teeradetch Nawasuttipong wrote:

> I compiled wu-ftpd 2.8.2 beta 18 VR14 on RedHat Linux 5.2 and I found
> that I can't ftp to server as root. How can I solve it?

You don't want to.

> And problem about ftpwho is when I use it, it can only display one
> line per connection so I can't see detail about file that connection
> is downloading. How can I solve it ?

I use ps and grep:

ps axwww | grep ftpd

Redhat has a patch which adds this kind of capabililty to their RPM
version. I'll probably be including their patch in a future version of
the server.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Sat Feb 20 15:16:23 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA03658;
Sat, 20 Feb 1999 15:16:22 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA01788;
Sat, 20 Feb 1999 15:11:34 -0600 (CST)
Received: from mail-atm.nycap.rr.com ([email protected] [24.92.32.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA28047
for <[email protected]>; Sat, 20 Feb 1999 15:04:33 -0600 (CST)
Received: from yua2.nycap.rr.com (cisco-56-184.nycap.rr.com [24.92.56.184])
by mail-atm.nycap.rr.com (8.9.1/8.9.1) with SMTP id QAA22029
for <[email protected]>; Sat, 20 Feb 1999 16:04:30 -0500 (EST)
Message-Id: <[email protected]>
Date: Sat, 20 Feb 1999 16:05:37 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Alex Yu <[email protected]>
To: [email protected]
Subject: How to check security on wu-ftpd?
In-Reply-To: <[email protected]>
References: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hello All,

How to check security on wu-ftpd?

Alex

From [email protected] Sun Feb 21 15:48:44 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA14013;
Sun, 21 Feb 1999 15:48:43 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA18569;
Sun, 21 Feb 1999 15:43:43 -0600 (CST)
Received: from amber.ccs.neu.edu ([email protected] [129.10.116.51])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA10815
for <[email protected]>; Sun, 21 Feb 1999 15:19:56 -0600 (CST)
Received: from bellatrix.ccs.neu.edu ([email protected] [129.10.116.157])
by amber.ccs.neu.edu (8.9.1a/8.9.1) with ESMTP id QAA11618
for <[email protected]>; Sun, 21 Feb 1999 16:19:55 -0500 (EST)
Message-Id: <[email protected]>
Date: Sun, 21 Feb 1999 16:19:54 -0500 (EST)
Reply-To: WU-FTPD Discussion List <[email protected]>
Sender: [email protected]
From: Aris Yannopoulos <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: Overwrite permission
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I have a server set up to have only real users by ftp. I set the
following in ftpaccess:

chmod yes real
delete yes real
overwrite yes real
rename yes real
umask yes real

Still, none of the users can overwrite or delete files. What am I doing
wrong?

Ari(=

-= Madness is not an illness... it's a privilege... =-

From [email protected] Sun Feb 21 18:49:35 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id SAA15627;
Sun, 21 Feb 1999 18:49:34 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id SAA30002;
Sun, 21 Feb 1999 18:44:58 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id SAA03292
for <[email protected]>; Sun, 21 Feb 1999 18:37:00 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id SAA28104
for <[email protected]>; Sun, 21 Feb 1999 18:47:36 -0500
Message-Id: <[email protected]>
Date: Sun, 21 Feb 1999 18:47:36 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: Re: Overwrite permission
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Sun, 21 Feb 1999, Aris Yannopoulos wrote:

> I have a server set up to have only real users by ftp. I set the
> following in ftpaccess:
>
> chmod yes real
> delete yes real
> overwrite yes real
> rename yes real
> umask yes real
>
> Still, none of the users can overwrite or delete files. What am I
> doing wrong?

There's not enough to know why but as a guess, I'd say either the users
are not 'real' but 'guest', or the permissions on the files and/or
directories containing them are preventing the overwrite/delete. The
exact error message seen at the client end should tell you if it's a
permissions problem.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Sun Feb 21 18:53:31 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id SAA15672;
Sun, 21 Feb 1999 18:53:30 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id SAA25072;
Sun, 21 Feb 1999 18:50:15 -0600 (CST)
Received: from mail-atm.nycap.rr.com ([email protected] [24.92.32.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id SAA11957
for <[email protected]>; Sun, 21 Feb 1999 18:39:07 -0600 (CST)
Received: from yua2.nycap.rr.com (cisco-56-184.nycap.rr.com [24.92.56.184])
by mail-atm.nycap.rr.com (8.9.1/8.9.1) with SMTP id TAA19215
for <[email protected]>; Sun, 21 Feb 1999 19:38:58 -0500 (EST)
Message-Id: <[email protected]>
Date: Sun, 21 Feb 1999 19:40:12 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Alex Yu <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: Re: Overwrite permission
In-Reply-To: <[email protected]
.edu>
References: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

At 04:19 PM 1999/2/21 -0500, you wrote:

>chmod yes real
>delete yes real

Dir permission.

Alex

From [email protected] Sun Feb 21 19:08:49 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id TAA15908;
Sun, 21 Feb 1999 19:08:48 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id TAA01735;
Sun, 21 Feb 1999 19:04:16 -0600 (CST)
Received: from ckgppxy1.proxy.att.com (ckmsfw1.att.com [12.20.58.157])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id TAA15971
for <[email protected]>; Sun, 21 Feb 1999 19:00:38 -0600 (CST)
Received: from merlin.lz.att.com ([135.25.200.5])
by ckgppxy1.proxy.att.com (AT&T/IPNS/GW-1.0) with SMTP id TAA10878
for <[email protected]>; Sun, 21 Feb 1999 19:08:18 -0500 (EST)
Received: by merlin.lz.att.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62)
id <[email protected]>; Sun, 21 Feb 1999 19:10:40 -0500
Message-Id: <c=US%a=_%p=att%[email protected]>
Date: Sun, 21 Feb 1999 19:10:38 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Roger Hanke <[email protected]>
To: "'Bernhard Rosenkraenzer'" <[email protected]>,
"'WUFTPD List'"
<[email protected]>
Subject: RE: BeroFTPD 1.2.3 internal ls problem?
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Dear All,
Confirmed by rebuilding BeroFTPD 1.2.3 with
--disable-internal-ls option that it started using the
external /bin/ls as expected which of course did
list out the device file major and minor numbers
correctly. So just one question left with regards to
this problem. I had assumed in this version that disabling
the internal ls meant even base ls commands would
no longer use the built in. But by trussing it I did
confirm that this option does just revert behavior
to old WUFTPD Beta way. So perhaps the description
of the option should make it clear that the builtin will
still handle plain ls requests while all others will be
handled by the external /bin/ls, since it is an
important point?
IMHO,
Roger Hanke

>-----Original Message-----
>From: Roger Hanke
>Sent: Tuesday, February 16, 1999 5:36 PM
>To: 'WUFTPD List'
>Subject: BeroFTPD 1.2.3 internal ls problem?
>
>Dear All,
> Was wondering if anyone else has seen the below behavior
>when listing out the device files in a guest or anonymous
>users area. The size is reported incorrectly for the
>ls -l command when the builtin ls is being used.
>Went back and checked the Beta 13 version I had been
>using which kicked to an external ls of course for this
>command and it does list the major minor numbers as
>expected.
> Roger Hanke
>
>BeroFTPD 1.2.3
>ftp> cd dev
>250 CWD command successful.
>ftp> ls -l
>200 PORT command successful.
>150 Opening ASCII mode data connection for directory listing.
>total 0
>crw-rw-rw- 1 root sys 2147483647 Jul 23 1997 tcp
>crw-rw-rw- 1 root sys 0 Jul 23 1997 zero
>226 Transfer complete.
>remote: -l
>132 bytes received in 0.0043 seconds (30 Kbytes/s)
>ftp>
>
>Beta 13
>ftp> ls -l
>200 PORT command successful.
>150 Opening ASCII mode data connection for /bin/ls.
>total 0
>crw-rw-rw- 1 root sys 11, 42 Jul 23 1997 tcp
>crw-rw-rw- 1 root sys 13, 12 Jul 23 1997 zero
>226 Transfer complete.
>remote: -l
>130 bytes received in 0.0023 seconds (56 Kbytes/s)
>ftp>
>-----------------------------------------------------
> Roger A. Hanke AT&T Web Site Services
> (732)576-5738 [email protected]
> FAX (732)576-6041 http://lynxhub.att.com/~rah/
>-----------------------------------------------------

From [email protected] Mon Feb 22 01:48:32 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id BAA19649;
Mon, 22 Feb 1999 01:48:31 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id BAA26094;
Mon, 22 Feb 1999 01:43:49 -0600 (CST)
Received: from tower.ti.com (tower.ti.com [192.94.94.5])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id BAA25053
for <[email protected]>; Mon, 22 Feb 1999 01:29:46 -0600 (CST)
Received: from king.india.ti.com ([157.87.101.4]) by tower.ti.com (8.8.8) with ESMTP id BAA13812 for <[email protected]>; Mon, 22 Feb 1999 01:29:14 -0600 (CST)
Received: from india.ti.com (titanic [157.87.101.20]) by king.india.ti.com (8.8.5/8.6.10) with ESMTP id MAA02043 for <[email protected]>; Mon, 22 Feb 1999 12:59:12 +0530 (IST)
Message-Id: <[email protected]>
Date: Mon, 22 Feb 1999 12:59:59 +0530
Reply-To: [email protected]
Sender: [email protected]
From: "Srikanth A." <[email protected]>
To: [email protected]
Subject: web ftp
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.5 [en] (X11; I; SunOS 5.6 sun4m)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi,
I have wu-ftp server installed.
I want to install web based ftp server.
Can some body tell me how to do this.
Do I need any package? If yes where can I get it?
What is the procedure for this.

Thanks in advance,
Srikanth

From [email protected] Mon Feb 22 10:51:19 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA24297;
Mon, 22 Feb 1999 10:51:18 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA32572;
Mon, 22 Feb 1999 10:46:15 -0600 (CST)
Received: from gatekeep.ti.com (gatekeep.ti.com [192.94.94.61])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA19808
for <[email protected]>; Mon, 22 Feb 1999 10:42:02 -0600 (CST)
Received: from spanky.dal.asp.ti.com ([172.24.154.20]) by gatekeep.ti.com (8.8.8) with ESMTP id KAA05344 for <[email protected]>; Mon, 22 Feb 1999 10:41:31 -0600 (CST)
Received: from pavis.asic.sc.ti.com (pavis.asic.sc.ti.com [128.247.100.46])
by spanky.dal.asp.ti.com (8.8.8+Sun/8.8.8/FL-ASP-1.8) with SMTP id KAA08096;
Mon, 22 Feb 1999 10:41:30 -0600 (CST)
Received: by pavis.asic.sc.ti.com id <[email protected]>; Mon, 22 Feb 99 10:41:29 -0600
Message-Id: <[email protected]>
Date: Mon, 22 Feb 99 10:41:29 CST
Reply-To: [email protected] (Bob Luckin)
Sender: [email protected]
From: Bob Luckin <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: web ftp
In-Reply-To: <[email protected]>; from "Srikanth A." at Feb 22, 99 12:59 (noon)
X-Mimi-Options: HEADERS TI2
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi Srikanth,

> I have wu-ftp server installed.
> I want to install web based ftp server.
> Can some body tell me how to do this.
> Do I need any package? If yes where can I get it?
> What is the procedure for this.

I'm not sure what you mean by a web based server. Most web browsers already
have the capability to talk to FTP servers, if that is all you need.
Netscape and IE 4 certainly do.

However, unless you set up wu-ftpd as an anonymous server, people trying to
access the FTP server via a browser will still need to supply a password.
Is this what you are really enquiring about ?

Cheers, Bob
--
Bob Luckin [email protected] "Coder, adapt. FTP Ada, redo C."
[http://www.dhc.net/~luckin/palindromes.html]

From [email protected] Mon Feb 22 11:02:19 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA24416;
Mon, 22 Feb 1999 11:02:19 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA28767;
Mon, 22 Feb 1999 10:58:48 -0600 (CST)
Received: from fatcat.inven.com (fatcat.inven.com [204.142.49.130])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA10192
for <[email protected]>; Mon, 22 Feb 1999 10:57:04 -0600 (CST)
Received: from mailnyc [195.1.2.68]
by fatcat.inven.com with esmtp (Exim 1.71 #1)
id 10Eyg6-0000mV-00; Mon, 22 Feb 1999 11:57:54 -0500
Received: by mailnyc with smtp (Exim 2.10)
id 10EyhV-00014Z-00; Mon, 22 Feb 1999 11:59:21 -0500
Message-Id: <4.1.19990222115306.00b68500@mailnyc>
Date: Mon, 22 Feb 1999 11:54:40 -0500
Reply-To: [email protected]
Sender: [email protected]
From: John-Paul Pagano <[email protected]>
To: [email protected] (Bob Luckin), [email protected]
Cc: [email protected]
Subject: Re: web ftp
In-Reply-To: <[email protected]>
References: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: jpagano@mailnyc
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

At 10:41 AM 2/22/99 -0600, Bob Luckin wrote:
>Hi Srikanth,
>
>> I have wu-ftp server installed.
>> I want to install web based ftp server.
>> Can some body tell me how to do this.
>> Do I need any package? If yes where can I get it?
>> What is the procedure for this.
>
>I'm not sure what you mean by a web based server. Most web browsers already
>have the capability to talk to FTP servers, if that is all you need.
>Netscape and IE 4 certainly do.
>
>However, unless you set up wu-ftpd as an anonymous server, people trying to
>access the FTP server via a browser will still need to supply a password.
>Is this what you are really enquiring about ?
>

And, if it is, it should be noted that IE 4 is broken as far as supplying
the user:[email protected] syntax to enter a particular user's account.
Netscape isn't, as long as you don't use characters in the username and
password that the browser considers special, i.e. the # symbol.

--
John-Paul Pagano
Unix Systems Administrator
Voice: (212) 208-0828
Fax: (212) 825-1040

From [email protected] Mon Feb 22 11:10:04 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA24504;
Mon, 22 Feb 1999 11:10:03 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA13948;
Mon, 22 Feb 1999 11:05:23 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA26264
for <[email protected]>; Mon, 22 Feb 1999 11:00:06 -0600 (CST)
Received: (from lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) id MAA03598
for [email protected]; Mon, 22 Feb 1999 12:00:00 -0500
Message-Id: <[email protected]>
Date: Mon, 22 Feb 1999 12:00:00 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: VR mirrors
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

The VR updates for WU-FTPD include additional features requested over the
years by the user community and includes a number of bug fixes for both the
base 2.4.2 (beta-18) release and earlier VR updates.

The primary distribution site for these updates is:

ftp://ftp.vr.net/pub/wu-ftpd/

Mirrors are available at the following sites:

Canada
------
ftp://ftp.crc.ca/pub/packages/ftp/servers/wuarchive-ftpd-vr/

Hungary
-------
ftp://ftp.ahol.com/pub/mirrors/wu-ftpd/

Japan
-----

Ring Server Project
-------------------
ftp://ftp.ring.gr.jp/pub/net/wu-ftpd/
http://www.ring.gr.jp/archives/net/wu-ftpd/

ftp://ring.aist.go.jp/pub/net/wu-ftpd/
http://ring.aist.go.jp/archives/net/wu-ftpd/

ftp://ring.asahi-net.or.jp/pub/net/wu-ftpd/
http://ring.asahi-net.or.jp/archives/net/wu-ftpd/

ftp://ring.so-net.ne.jp/pub/net/wu-ftpd/
http://ring.so-net.ne.jp/archives/net/wu-ftpd/

ftp://ring.nacsis.ac.jp/pub/net/wu-ftpd/
http://ring.nacsis.ac.jp/archives/net/wu-ftpd/

ftp://ring.etl.go.jp/pub/net/wu-ftpd/
http://ring.etl.go.jp/archives/net/wu-ftpd/

Other Japan sites
-----------------
ftp://ftp.win.ne.jp/pub/network/wu-ftpd/

ftp://mirror.nucba.ac.jp/mirror/wu-ftpd/
http://mirror.nucba.ac.jp/mirror/wu-ftpd/

Sweden
------
ftp://ftp.sunet.se/pub/nir/ftp/servers/wuarchive-ftpd-vr/
http://ftp.sunet.se/pub/nir/ftp/servers/wuarchive-ftpd-vr/

Switzerland
-----------
ftp://sunsite.cnlab-switch.ch/mirror/wu-ftpd-vr/

United Kingdom
--------------
ftp://sunsite.org.uk/Mirrors/ftp.vr.net/pub/wu-ftpd/
http://sunsite.org.uk/Mirrors/ftp.vr.net/pub/wu-ftpd/

ftp://ftp.ox.ac.uk/pub/comp/security/COAST/mirrors/ftp.vr.net/

If you run a mirror and would like it listed above, just send me the URL.
Unless your local policy requires it, there is no need to ask my permission
to mirror the primary distribution site. I do like knowing who is
mirroring, though.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 22 11:28:40 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA24740;
Mon, 22 Feb 1999 11:28:39 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA29420;
Mon, 22 Feb 1999 11:25:02 -0600 (CST)
Received: from tower.ti.com (tower.ti.com [192.94.94.5])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA10231
for <[email protected]>; Mon, 22 Feb 1999 11:20:16 -0600 (CST)
Received: from spanky.dal.asp.ti.com ([172.24.154.20]) by tower.ti.com (8.8.8) with ESMTP id LAA28679 for <[email protected]>; Mon, 22 Feb 1999 11:19:44 -0600 (CST)
Received: from pavis.asic.sc.ti.com (pavis.asic.sc.ti.com [128.247.100.46])
by spanky.dal.asp.ti.com (8.8.8+Sun/8.8.8/FL-ASP-1.8) with SMTP id LAA17328
for <[email protected]>; Mon, 22 Feb 1999 11:19:44 -0600 (CST)
Received: by pavis.asic.sc.ti.com id <[email protected]>; Mon, 22 Feb 99 11:19:44 -0600
Message-Id: <[email protected]>
Date: Mon, 22 Feb 99 11:19:43 CST
Reply-To: [email protected] (Bob Luckin)
Sender: [email protected]
From: Bob Luckin <[email protected]>
To: [email protected]
Subject: Re: web ftp
In-Reply-To: <4.1.19990222115306.00b68500@mailnyc>; from "John-Paul Pagano" at Feb 22, 99 11:54 am
X-Mimi-Options: HEADERS TI2
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> And, if it is, it should be noted that IE 4 is broken as far as supplying
> the user:[email protected] syntax to enter a particular user's account.
> Netscape isn't, as long as you don't use characters in the username and
> password that the browser considers special, i.e. the # symbol.

Actually, some versions of Netscape have a bug as well. If you try to connect
using the user:[email protected] format, and your NOPROXY variable is set
to site.com (ie. the FTP server is an internal site), then Netscape may
connect you via the proxy when it shouldn't. If your proxy server happens to
be outside your firewall, then it can't see your internal machine, which
causes a bit of a problem...

I understand that Netscape were informed about this several years ago,
but I still see this problem in some UNIX versions - for example
Netscape 4.06 for Solaris 2 (I just tested it to make sure).

Cheers, Bob
--
"On mega data disks, attempt FTP. An inapt FTP; met task's ID a tad. A gem, no?"
Bob Luckin [email protected] [http://www.dhc.net/~luckin/palindromes.html]

From [email protected] Mon Feb 22 12:34:06 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA25587;
Mon, 22 Feb 1999 12:34:05 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA22250;
Mon, 22 Feb 1999 12:30:35 -0600 (CST)
Received: from amber.ccs.neu.edu ([email protected] [129.10.116.51])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA11301
for <[email protected]>; Mon, 22 Feb 1999 12:24:10 -0600 (CST)
Received: from bellatrix.ccs.neu.edu ([email protected] [129.10.116.157])
by amber.ccs.neu.edu (8.9.1a/8.9.1) with ESMTP id NAA26160
for <[email protected]>; Mon, 22 Feb 1999 13:24:05 -0500 (EST)
Message-Id: <[email protected]>
Date: Mon, 22 Feb 1999 13:24:04 -0500 (EST)
Reply-To: WU-FTPD Discussion List <[email protected]>
Sender: [email protected]
From: Aris Yannopoulos <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: Re: Overwrite permission
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Sun, 21 Feb 1999, Gregory A Lundberg wrote:

> On Sun, 21 Feb 1999, Aris Yannopoulos wrote:
>
> > I have a server set up to have only real users by ftp. I set the
> > following in ftpaccess:
> >
> > chmod yes real
> > delete yes real
> > overwrite yes real
> > rename yes real
> > umask yes real
> >
> > Still, none of the users can overwrite or delete files. What am I
> > doing wrong?
>
> There's not enough to know why but as a guess, I'd say either the users
> are not 'real' but 'guest', or the permissions on the files and/or
> directories containing them are preventing the overwrite/delete. The
> exact error message seen at the client end should tell you if it's a
> permissions problem.
>
Actually here is the error:
553 pick_of_seven.java: Permission denied. (Delete)

and there are no guests, all users are real. The permissions on the
directory would allow a write by the user (since I can create the file)
and the t bit isn't set so there is no issue there.

Ari(=

From [email protected] Mon Feb 22 12:35:46 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA25615;
Mon, 22 Feb 1999 12:35:45 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA19591;
Mon, 22 Feb 1999 12:32:12 -0600 (CST)
Received: from nae-msx2rtr.atc.alcoa.com (nae-msx2rtr.atc.alcoa.com [132.226.160.10])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA03605
for <[email protected]>; Mon, 22 Feb 1999 12:29:59 -0600 (CST)
Received: by nae-msx2rtr.atc.alcoa.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62)
id <[email protected]>; Mon, 22 Feb 1999 13:29:29 -0500
Message-Id: <c=US%a=ATTMAIL%p=ALCOAUSA%[email protected]>
Date: Mon, 22 Feb 1999 13:29:07 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Snyder, John D." <[email protected]>
To: "'wu-ftp'" <[email protected]>
Subject: 421 Service not available on HP-UX 10.20 - release [BETA-18-VR14]
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I have been running wu-ftpd vers 17 for quite some time with no
problems. Decided to build and install the ver 18 release, mainly
because of the recent CERT advisory about buffer overflow problems in
realpath.

Compiled fine, chkconfig looks good, BUT when I run I get :

421 Service not available, remote server has closed connection
Login failed.
No control connection for command: No such file or directory

after typing in the user name.

I've run the daemon in standalone: ./ftpd -L -a -d -s Still get same
error.

Tried running trace on above: starts OK, forks OK but then it tries to
read

stat("/tcb/files/auth/r/root-t", 0x7b03b44c)

and

open("/tcb/files/auth/r/root", O_RDONLY)

when I try to login as root as an example.

Any help? Feels like a configure/compilation problem? What dumb thing
did I do now? Of course this always happens when you don't want to or
have time to get into a heavy debugging session.

I noticed some previous post, similar to mine. but saw no answers??

Thanks

From [email protected] Mon Feb 22 12:46:44 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA25768;
Mon, 22 Feb 1999 12:46:43 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA32684;
Mon, 22 Feb 1999 12:43:10 -0600 (CST)
Received: from mail1.its.rpi.edu ([email protected] [128.113.100.7])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA08349
for <[email protected]>; Mon, 22 Feb 1999 12:40:43 -0600 (CST)
Received: from yua2.dynamic.rpi.edu (resnet-244.dynamic.rpi.edu [128.113.177.12])
by mail1.its.rpi.edu (8.8.8/8.8.6) with SMTP id NAA63584
for <[email protected]>; Mon, 22 Feb 1999 13:42:24 -0500
Message-Id: <[email protected]>
Date: Mon, 22 Feb 1999 13:41:55 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Alex Yu <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: Re: Overwrite permission
In-Reply-To: <[email protected]
.edu>
References: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

At 01:24 PM 1999/2/22 -0500, you wrote:

>553 pick_of_seven.java: Permission denied. (Delete)
>directory would allow a write by the user (since I can create the file)

first, does real user have permission to delete the file? are all your
real users in the same group? is the file chown by the group where they
belong to and have rw permission? it is not the ftpd problem. you have to
work on file permission.

alex

From [email protected] Mon Feb 22 13:06:17 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA26140;
Mon, 22 Feb 1999 13:06:17 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA23443;
Mon, 22 Feb 1999 13:02:31 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA22118
for <[email protected]>; Mon, 22 Feb 1999 12:59:22 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id NAA04681
for <[email protected]>; Mon, 22 Feb 1999 13:59:20 -0500
Message-Id: <[email protected]>
Date: Mon, 22 Feb 1999 13:59:20 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: Re: Overwrite permission
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 22 Feb 1999, Aris Yannopoulos wrote:

> > > delete yes real

> 553 pick_of_seven.java: Permission denied. (Delete)

Either the line quoted in your original message isn't the one you're
actually using, or the one you're actually using has a subtle typo in it
(look for non-printing chars), or the user attempting to delete
pick_of_seven.java wasn't a real user, but was a guest or anonymous users
instead.

Look in the ftpaccess file for other delete clauses which could be taking
effect instead of this one.

check that you're actually using the ftpaccess file you think you are.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 22 13:12:29 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA26235;
Mon, 22 Feb 1999 13:12:28 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA17506;
Mon, 22 Feb 1999 13:08:56 -0600 (CST)
Received: from ueitm1.unisourcelink.com ([38.149.121.67])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA05774
for <[email protected]>; Mon, 22 Feb 1999 13:02:40 -0600 (CST)
Received: by UEITM1 with Internet Mail Service (5.5.1960.3)
id <1V0ZAP34>; Mon, 22 Feb 1999 14:07:30 -0500
Message-Id: <6BEE6C82D85BD211B4E700805F85A25D329675@PHLWAYM1>
Date: Mon, 22 Feb 1999 14:01:24 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Elliott, Don (Exton, PA)" <[email protected]>
To: "'[email protected]'"
<[email protected]>
Cc: "'wuftp'" <[email protected]>
Subject: BeroFTPD configure prob. (HPUX 11.00)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="---- =_NextPart_001_01BE5E96.88BF64B0"
X-Mailer: Internet Mail Service (5.5.1960.3)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------ =_NextPart_001_01BE5E96.88BF64B0
Content-Type: text/plain

To whom it may concern,

I'm running into a problem while trying to run the "./configure" command
on the Bero-FTPD-1.3.3 package. Please see the output below:

********Output begins here************

checking if there is a ut_host field in the utmp structure... yes
checking if there is a ut_pid field in the utmp structure... yes
checking if there is a ut_id field in the utmp structure... yes
checking if there is a ut_name field in the utmp structure... yes
checking if there is a ut_type field in the utmp structure... yes
checking if there is a ut_exit.e_termination field in the utmp
structure... yes
checking if there is a ut_syslen field in the utmpx structure... no
checking how to determine wtmpx file... configure: error: Cannot find
out how to locate wtmpx file. Contact
[email protected].

**************Output end here******************

I'm trying to build this package on an HP-UX 11.00 system, with
gcc-2.8.1 and the GNU "binutils" package built as well.

I cannot find any "wtmpx" file on my system whatsoever.

I'm kind of in desperate straights here, and would appreciate any
information as to how to get past this.

Thanks in advance,

Donald Elliott

**************************************************
Don Elliott
UNIX Analyst
Unisource Worldwide Inc.
[email protected]
610.280.5838

------ =_NextPart_001_01BE5E96.88BF64B0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.1960.3">
<TITLE>BeroFTPD configure prob. (HPUX 11.00)</TITLE>
</HEAD>
<BODY>

To whom it may concern,


I'm running into a problem while =
trying to run the "./configure" command on the =
Bero-FTPD-1.3.3 package. Please see the output below:

********Output begins =
here************


checking if there is a ut_host field =
in the utmp structure... yes
 checking if there is a ut_pid field =
in the utmp structure... yes
 checking if there is a ut_id field =
in the utmp structure... yes
 checking if there is a ut_name =
field in the utmp structure... yes
 checking if there is a ut_type =
field in the utmp structure... yes
 checking if there is a =
ut_exit.e_termination field in the utmp structure... yes
 checking if there is a ut_syslen =
field in the utmpx structure... no
 checking how to determine wtmpx =
file... configure: error: Cannot find out how to locate wtmpx file. =
Contact [email protected].

**************Output end =
here******************


I'm trying to build this package on =
an HP-UX 11.00 system, with gcc-2.8.1 and the GNU "binutils" =
package built as well.


I cannot find any "wtmpx" =
file on my system whatsoever.


I'm kind of in desperate straights =
here, and would appreciate any information as to how to get past =
this.


Thanks in advance,


Donald Elliott


**************************************************</FON=
T>
 Don Elliott
 UNIX Analyst
 Unisource Worldwide Inc.
 [email protected]
 610.280.5838


</BODY>
</HTML>
------ =_NextPart_001_01BE5E96.88BF64B0--

From [email protected] Mon Feb 22 13:40:12 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA26664;
Mon, 22 Feb 1999 13:40:11 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA01270;
Mon, 22 Feb 1999 13:35:07 -0600 (CST)
Received: from nuinfo.nwu.edu ([email protected] [129.105.212.72])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA28213
for <[email protected]>; Mon, 22 Feb 1999 13:32:58 -0600 (CST)
Received: (from lunde@localhost)
by nuinfo.nwu.edu (8.8.8/8.8.8) id NAA04383;
Mon, 22 Feb 1999 13:32:56 -0600 (CST)
Message-Id: <[email protected]>
Date: Mon, 22 Feb 1999 13:32:55 CST
Reply-To: [email protected] (Albert Lunde)
Sender: [email protected]
From: [email protected] (Albert Lunde)
To: [email protected]
Cc: "'[email protected]'"@nuinfo.nwu.edu,
[email protected], [email protected]
Subject: Re: BeroFTPD configure prob. (HPUX 11.00)
In-Reply-To: <6BEE6C82D85BD211B4E700805F85A25D329675@PHLWAYM1>; from "Elliott, Don" at Feb 22, 99 2:01 pm
X-Sender: [email protected] (Albert Lunde)
X-Mailer: Elm [revision: 212.4]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> checking if there is a ut_syslen field in the utmpx structure... no
> checking how to determine wtmpx file... configure: error: Cannot find
> out how to locate wtmpx file. Contact
> [email protected].
>
> **************Output end here******************
>
> I'm trying to build this package on an HP-UX 11.00 system, with
> gcc-2.8.1 and the GNU "binutils" package built as well.
>
> I cannot find any "wtmpx" file on my system whatsoever.

I ran in to something similar under HP-UX 10.20:

The problem is that HP-UX 10.20 has a utmpx.h header file but
doesn't use the wtmpx file or define a symbol for its location,
so far as I can see.

I worked around this by finding the list of header files tested
for in configure (about line 3135) and deleting the word "utmpx.h"
from that list. This seems to produce the same result on the
rest of the script as the test for the header failing, and so
the test that looks for a symbol for wtmpx file is bypassed.

I wound up not using that build in production, but going with VR14,
so there may be other issues. Note also the patch to
fix the declaration of defumask posted 2/17/99 with
Subject: Re:wu-ftpd-2.4.2-beta-18-vr14 and HP-UX (fwd)

(I _can_ find a /var/adm/wtmpx file on my system but it is
small and the last mod date in not recent.)

--
Albert Lunde [email protected]

From [email protected] Mon Feb 22 14:00:45 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA26946;
Mon, 22 Feb 1999 14:00:44 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA04129;
Mon, 22 Feb 1999 13:54:38 -0600 (CST)
Received: from papajo-gw ([email protected] [199.77.74.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA21282
for <[email protected]>; Mon, 22 Feb 1999 13:48:53 -0600 (CST)
Received: by papajo-gw; id OAA05993; Mon, 22 Feb 1999 14:49:43 -0500 (EST)
Received: from rayleigh.tt.aftac.gov(192.239.136.1) by papajo-gw.aftac.gov via smap (V4.2)
id xma005974; Mon, 22 Feb 99 14:49:28 -0500
Received: by rayleigh (SMI-8.6/SMI-SVR4)
id OAA22460; Mon, 22 Feb 1999 14:48:36 -0500
Message-Id: <199902221948.OAA22460@rayleigh>
Date: Mon, 22 Feb 1999 14:48:36 -0500
Reply-To: [email protected]
Sender: [email protected]
From: [email protected] (Pete Geenhuizen (TBE))
To: [email protected]
Subject: Can't get anon uploads to work with VR13
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Just downloaded VR13 last week to replace 2.4.2 because the recent cert. I
replaced the old binary with the new and went on about my business.

Well to day I find out that anon ftp uploads fail with permission denied. After
a lot of mucking about I ended up temporarily using the old binary once again.

So what's the secret to getting anon uploads to work? This is running on
a SPARCstation 20 and Solaris 2.6. I checked around the FAQs etc., but no luck.

Any assistance would be greatly appreciated.

Thx

Pete

From [email protected] Mon Feb 22 14:04:11 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA27024;
Mon, 22 Feb 1999 14:04:10 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA03708;
Mon, 22 Feb 1999 14:00:49 -0600 (CST)
Received: from znet.groupz.net (znet.groupz.net [208.234.232.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA13376
for <[email protected]>; Mon, 22 Feb 1999 13:55:57 -0600 (CST)
Received: from cdc.groupz.net (cdc.groupz.net [208.138.66.11])
by znet.groupz.net (8.8.6 (PHNE_14041)/8.8.8) with SMTP id OAA12269;
Mon, 22 Feb 1999 14:26:20 -0500 (EST)
Message-Id: <[email protected]>
Date: Mon, 22 Feb 1999 14:26:49 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Christopher Caldwell <[email protected]>
To: [email protected]
Cc: "'wu-ftp'" <[email protected]>
Subject: Re: 421 Service not available on HP-UX 10.20 - release
[BETA-18-VR14]
In-Reply-To: <c=US%a=ATTMAIL%p=ALCOAUSA%l=NAE_ATC3-990222182907Z-7073@na
e-msx2rtr.atc.alcoa.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hmmm. Looks like you might be compiling for trusted systems and you're not
running a trusted system. Check to see if HPUX_10_TRUSTED is def'd somewhere.

In addition, root's shell on HP-UX should be /sbin/sh, not /usr/bin/sh, and
/sbin/sh should *not* be in /etc/shells, so you shouldn't be able to ftp
with root's account.

-C

At 01:29 PM 2/22/99 -0500, Snyder, John D. wrote:
>I have been running wu-ftpd vers 17 for quite some time with no
>problems. Decided to build and install the ver 18 release, mainly
>because of the recent CERT advisory about buffer overflow problems in
>realpath.
>
>Compiled fine, chkconfig looks good, BUT when I run I get :
>
>421 Service not available, remote server has closed connection
>Login failed.
>No control connection for command: No such file or directory
>
>after typing in the user name.
>
>I've run the daemon in standalone: ./ftpd -L -a -d -s Still get same
>error.
>
>Tried running trace on above: starts OK, forks OK but then it tries to
>read
>
>stat("/tcb/files/auth/r/root-t", 0x7b03b44c)
>
>and
>
>open("/tcb/files/auth/r/root", O_RDONLY)
>
>when I try to login as root as an example.
>
>Any help? Feels like a configure/compilation problem? What dumb thing
>did I do now? Of course this always happens when you don't want to or
>have time to get into a heavy debugging session.
>
>I noticed some previous post, similar to mine. but saw no answers??
>
>Thanks
>
>
>
>
>

From [email protected] Mon Feb 22 14:17:05 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA27212;
Mon, 22 Feb 1999 14:17:05 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA31955;
Mon, 22 Feb 1999 14:13:43 -0600 (CST)
Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [194.237.142.5])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA25390
for <[email protected]>; Mon, 22 Feb 1999 14:12:01 -0600 (CST)
Received: from ms.uab.ericsson.se (ms.uab.ericsson.se [134.138.44.44])
by penguin.wise.edt.ericsson.se (8.9.0/8.9.0/WIREfire-1.2) with ESMTP id VAA19174;
Mon, 22 Feb 1999 21:10:56 +0100 (MET)
Received: from uabs78c32.uab.ericsson.se (uabs78c32.uab.ericsson.se [134.138.201.82])
by ms.uab.ericsson.se (8.8.8/8.8.8/uab-1.34) with ESMTP id VAA20881;
Mon, 22 Feb 1999 21:11:01 +0100 (MET)
Received: from uab.ericsson.se by uabs78c32.uab.ericsson.se (8.8.8/client-1.3uab1)
id VAA12920; Mon, 22 Feb 1999 21:11:00 +0100 (MET)
Message-Id: <[email protected]>
Date: Mon, 22 Feb 1999 21:10:59 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Johan Claesson <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: Can't get anon uploads to work with VR13
References: <199902221948.OAA22460@rayleigh>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.5 [en] (X11; I; SunOS 5.6 sun4m)
X-Accept-Language: sv, en-US
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

"Pete Geenhuizen (TBE)" wrote:
>
> Just downloaded VR13 last week to replace 2.4.2 because the recent cert. I
> replaced the old binary with the new and went on about my business.
>
> Well to day I find out that anon ftp uploads fail with permission denied. After
> a lot of mucking about I ended up temporarily using the old binary once again.
>
> So what's the secret to getting anon uploads to work? This is running on
> a SPARCstation 20 and Solaris 2.6. I checked around the FAQs etc., but no luck.
>
> Any assistance would be greatly appreciated.
>
> Thx
>
> Pete

Hi Pete,

Post your ftpaccess file to the list, otherwise it is very difficult to
answer your question.

Regards Johan

From [email protected] Mon Feb 22 14:23:48 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA27326;
Mon, 22 Feb 1999 14:23:47 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA31850;
Mon, 22 Feb 1999 14:20:16 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA17964
for <[email protected]>; Mon, 22 Feb 1999 14:19:28 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id PAA05393;
Mon, 22 Feb 1999 15:19:14 -0500
Message-Id: <[email protected]>
Date: Mon, 22 Feb 1999 15:19:14 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "Pete Geenhuizen (TBE)" <[email protected]>
Cc: [email protected]
Subject: Re: Can't get anon uploads to work with VR13
In-Reply-To: <199902221948.OAA22460@rayleigh>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Mon, 22 Feb 1999, Pete Geenhuizen (TBE) wrote:

> Just downloaded VR13 last week to replace 2.4.2 because the recent
> cert. I replaced the old binary with the new and went on about my
> business.
>
> Well to day I find out that anon ftp uploads fail with permission
> denied. After a lot of mucking about I ended up temporarily using the
> old binary once again.
>
> So what's the secret to getting anon uploads to work? This is running
> on a SPARCstation 20 and Solaris 2.6. I checked around the FAQs etc.,
> but no luck.
>
> Any assistance would be greatly appreciated.

There have been enough questions on this I've written a document. I'll be
proofreading it (I just finished it up), and posting it in a bit.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 22 14:36:31 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA27499;
Mon, 22 Feb 1999 14:36:30 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA25234;
Mon, 22 Feb 1999 14:33:00 -0600 (CST)
Received: from papajo-gw ([email protected] [199.77.74.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA17495
for <[email protected]>; Mon, 22 Feb 1999 14:27:55 -0600 (CST)
Received: by papajo-gw; id PAA09121; Mon, 22 Feb 1999 15:28:46 -0500 (EST)
Received: from rayleigh.tt.aftac.gov(192.239.136.1) by papajo-gw.aftac.gov via smap (V4.2)
id xma009108; Mon, 22 Feb 99 15:28:24 -0500
Received: by rayleigh (SMI-8.6/SMI-SVR4)
id PAA24413; Mon, 22 Feb 1999 15:27:32 -0500
Message-Id: <199902222027.PAA24413@rayleigh>
Date: Mon, 22 Feb 1999 15:27:32 -0500
Reply-To: [email protected]
Sender: [email protected]
From: [email protected] (Pete Geenhuizen (TBE))
To: [email protected]
Cc: [email protected]
Subject: Re: Can't get anon uploads to work with VR13
In-Reply-To: Mail from 'Johan Claesson <[email protected]>'
dated: Mon, 22 Feb 1999 21:10:59 +0100
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> Hi Pete,
>
> Post your ftpaccess file to the list, otherwise it is very difficult to
> answer your question.
>
> Regards Johan

OK here's my ftp.access file, which whorks just fine with the 2.4.2 version.

Pete

loginfails 2

class local real,guest,anonymous *.domain 0.0.0.0
class remote real,guest,anonymous *

limit local 20 Any /etc/msgs/msg.toomany
limit remote 100 SaSu|Any1800-0600 /etc/msgs/msg.toomany
limit remote 60 Any /etc/msgs/msg.toomany

banner /opt/local/banners/ALLOW/ftp.banner
readme README* login
readme README* cwd=*

message /welcome.msg login
message .message cwd=*
message autodrm.msg cwd=autodrm

compress yes local remote
tar yes local remote

# allow use of private file for SITE GROUP and SITE GPASS?
private yes

# passwd-check <none|trivial|rfc822> [<enforce|warn>]
passwd-check rfc822 warn

log commands anonymous,real inbound,outbound
log transfers anonymous,real inbound,outbound
shutdown /etc/shutmsg

# all the following default to "yes" for everybody
delete no guest,anonymous # delete permission?
overwrite no guest,anonymous # overwrite permission?
rename no guest,anonymous # rename permission?
chmod no anonymous # chmod permission?
umask no anonymous # umask permission?

# specify the upload directory information
upload /ftp * no
#upload /ftp /incoming* yes root daemon 440 nodirs
upload /export/data/ftp /incoming yes root daemon 0400 nodirs
upload /ftp /bin no
upload /ftp /etc no

# directory aliases... [note, the ":" is not required]
alias inc: /incoming

# cdpath
cdpath /incoming
cdpath /pub
cdpath /

# path-filter...
path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-

# specify which group of users will be treated as "guests".
guestgroup ftponly

email [email protected]

From [email protected] Mon Feb 22 15:09:23 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA27927;
Mon, 22 Feb 1999 15:09:22 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA09377;
Mon, 22 Feb 1999 15:05:39 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA03897
for <[email protected]>; Mon, 22 Feb 1999 15:02:55 -0600 (CST)
Received: (from lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) id QAA05808
for [email protected]; Mon, 22 Feb 1999 16:02:54 -0500
Message-Id: <[email protected]>
Date: Mon, 22 Feb 1999 16:00:00 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: upload.configuration.HOWTO
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

This document is available on-line at:
ftp://ftp.vr.net/pub/wu-ftpd/upload.configuration.HOWTO

One of the more powerfull, yet most often misused, features of WU-FTPD is
the upload clause. Historically, the problems with the upload clause stem
from unclear documentation and poor implementation. This document is an
attempt to address these issues. The features discussed in this document
apply to WU-FTPD Version 2.4.2 (Beta 18) VR14. If you are not running
VR14, you are strongly encouraged to upgrade; the VR updates include a
number of corrections and security enhancements not available with earlier
versions of WU-FTPD.

Upload restrictions for anonymous FTP users
-------------------------------------------
For this example, we'll assume your system /etc/passwd file contains an
entry for the anonymous FTP user as follows:

ftp:*:95:95::/home/ftp:

If your /etc/passwd file does not contain an entry for the user 'ftp' your
site will not allow anonymous FTP. In addition, if the usernames 'ftp' or
'anonymous' appear in the /etc/ftpusers file, anonymous FTP will not be
allowed.

In /etc/ftpaccess, we need a class which allows anonymous access. The
following allows anonymous FTP from anywhere:

class anonftp anonymous *

To prevent anonymous FTP users attempting a Denial of Service (DoS) attack
against your system, you should create a special filesystem to receive
their uploads. This separate filesystem protects your server by limiting
the total size of all uploaded files while preventing those files from
consuming all available space on the server. For this example, mount the
filesystem on /home/ftp/incoming

By default, the server will not allow uploads from anonymous FTP users.
Just to be safe, and so we don't forget, let's add a clause saying that:

upload /home/ftp * no

What this says is, "For any user whose home directory is the anonymous FTP
area, /home/ftp, do not allow any uploads." As I said, this is the
default, but put it in anyway so you don't forget.

Now, we want to allow uploads into the incoming filesystem. We MUST add a
clause granting that privilege to anonymous users. Right now we don't want
to let anonymous users create directories. (I recommend NEVER allowing them
to do it, but I'll show you how in a bit.) We want to ensure, however,
that the server is safe, and that it cannot be used as a way-point for
software pirates (warez traders). So we'll set the directory permissions
for the incoming area to prevent anyone seeing what's there and make the
area write-only for anonymous users.

First, we need an FTP site administrator, someone who owns the files, but
isn't the root user or the anonymous user. Something like the following
/etc/passwd entry will do:

ftpadmin:*:96:96::/home/ftp:

Set the incoming area permissions and ownership to safe values. I
recommend the following:

chown ftpadmin /home/ftp/incoming
chgrp ftpadmin /home/ftp/incoming
chmod 3773 /home/ftp/incoming

Actually, ftpadmin should own more of the site, but I'm only talking about
uploads right now.

Finally, before we get into allowing uploads, one last thing. Whether you
allow on-the-fly tar'ing of directories or not, you should make sure that
an end-run cannot be made and the incoming area downloaded using tar. To
do that, create the special file '.notar' in both the FTP directory and the
incoming area:

touch /home/ftp/.notar
chmod 0 /home/ftp/.notar
touch /home/ftp/incoming/.notar
chmod 0 /home/ftp/incoming/.notar

The zero-length .notar file can confuse some web clients and FTP proxies,
so let's mark it unretrievable.

noretrieve .notar

Time to allow uploads, put the following in /etc/ftpaccess:

upload /home/ftp /incoming yes ftpadmin ftpadmin 0440 nodirs

Notice the target directory for the uploads is relative to the view the
user will have during the FTP session.

What this says is, "For any user whose home directory is the anonymous FTP
area, /home/ftp, allow uploads into the directory /incoming but do not
allow the creation of new directories. Make all files uploaded owned by
the FTP administrator, mark them read-only and don't allow them to be
downloaded." If uploaded files are to be made available for downloading,
the safest thing to do is to tell the FTP administrator to move them into a
public area and modify the permissions after validating and approving them.
I know this seems draconian but, in the long run, it's best.

Some FTP sites like to live dangerously and allow anonymous users to create
directories. I don't recommend this; it cannot be done with absolute
safety. If you insist, however, you can at least limit it to a single
directory level. For example, replace the upload clause just added with
the following:

upload /home/ftp /incoming yes ftpadmin ftpadmin 0440 dirs 3773
upload /home/ftp /incoming/* yes ftpadmin ftpadmin 0440 nodirs

The first line allows directories to be created in the incoming area and
enforces the use of safe permissions on them. The second prevents creation
of deeper sub-directories. Notice that one of the problems with allowing
directory creation is there is no way to automtaically create a '.notar' in
the new directory, so a crafty user may be able to make an end-run and
download it anyway using on-the-fly tar'ing.

One last thing: since the incoming area shouldn't allow downloads, and
since it's a file system, there will be a lost+found area; you will want to
add the following clause to make SURE no downloads occur:

noretrieve /home/ftp/incoming/

or, at least, add the following to prevent downloading of the lost+found
files:

noretrieve /home/ftp/incoming/lost+found/

Upload restrictions for guest users
-----------------------------------
Setting up the FTP server for guest users is covered in the Guest HOWTO.
It is not my purpose here to cover how to set up for guest access. If you
have not yet done so, review the information in that document at:

ftp://ftp.fni.com/pub/wu-ftpd/guest-howto

For this example, I'll assume you have entries similar to the following in
your system /etc/passwd file:

dick:*:1010:1010::/home/users/./dick:/bin/sh
jane:*:1011:1011::/home/users/./jane:/bin/sh

By default, the WU-FTPD server will grant upload privileges to all guest
users. The example users are chroot'd to /home/users and cannot access any
area of the filesystem outside that directory structure. What we're
interested in, then, is simply protecting the areas in the chroot directory
structure we want to keep the users out of.

In a minimal installation, there will be bin, etc and dev, subdirectories
in the /home/users directory. Other files and subdirectories may exist
depending upon the requirements of your operating system. We don't want
users being able to upload into these areas. In case something happens to
the permissions on them (you did set the permissions to safe values, didn't
you?), you should deny upload privileges in your ftpaccess file. In our
case, we'll say the following:

upload /home/users/* / no
upload /home/users/* /bin no
upload /home/users/* /etc no
upload /home/users/* /dev no

While we're at it, we'll prevent downloads with noretrieve. Don't forget
to prevent end-runs by also creating .notar files in each directory.

noretrieve /home/users/bin/
noretrieve /home/users/etc/
noretrieve /home/users/dev/

Upload restrictions for real users
----------------------------------
First off, let me say that you shouldn't have any real users in your FTP
site. Or, being more realistic, the only real user should be the site
administrator. That being said, real users should be restricted to
uploading only into specific areas. Let's start with a real user in
/etc/passwd:

ftpadmin:*:109:109::/home/users/ftpadmin:/bin/sh

Again, by default, the server will grant upload privileges everywhere, so
we have to start by revoking them and only allowing what we want to:

upload /home/users/ftpadmin * no
upload /home/users/ftpadmin /tmp yes nodirs
upload /home/users/ftpadmin /home/users/ftpadmin yes
upload /home/users/ftpadmin /home/users/ftpadmin/* yes
upload /home/users/ftpadmin /home/ftp/incoming yes ftpadmin ftpadmin 0440 nodirs

About matching rules
--------------------
In the last example, you will notice there are two rules for the ftpadmin's
home directory. It may seem simpler to just say:

upload /home/users/ftpadmin /home/users/ftpadmin* yes

But, if you do, there will be unintended consequences. In the example,
we're trying to restrict upload provileges to just the ftpadmin's home
directory. The appearently simpler rule will match other directories,
which we don't want to allow. Consider, it will match all of the
following directories:

/home/users/ftpadmin
/home/users/ftpadmin/mirrors
/home/users/ftpadministration

This last directory isn't wanted. Using the two rules as shown in the
example will prevent matching it and accidentially allowing uploads as
would happen if we used the appearently simpler single rule.

Private incoming areas
----------------------
Often times, users would like to have private areas in the FTP site.
Sometimes, it is usefull to also have incoming areas in those private
areas. Examples of the permissions for private areas can be found in the
layout at ftp://ftp.vr.net/pub/wu-ftpd/examples/ and, other than ownership,
are no different than the public incoming area, so I'll simply present the
upload clauses here.

For this example, we'll allow anonymous uploads into all private incoming
areas:

upload /home/ftp /private/*/incoming yes * * 0440 nodirs
upload /home/users/ftpadmin /home/ftp/private/*/incoming yes * * 0440 nodirs

The assumption here is Unix shell users have private areas in the anonymous
site. Those areas are owned by the appropriate user, and incoming files
are to be owned by that user. The wildcard match on directory allows
anonymous uploading to any private incoming directory. The wildcard for
owning user and group instructs the daemon to set the file's ownership to
that of the directory receiving it.

Don't forget, if you allow private incoming areas, that they are open for
anonymous access and you should take care to ensure a DoS attempt to fill
the file system cannot take out your entire server. Create a separate
filesystem for the private incoming areas or put them inside the public
incoming area.

Differences from earlier versions
---------------------------------
This HOWTO was written for the VR upgraded versions of the WU-FTPD server.
Earlier versions used different rules for the upload clause.

Some versions of the daemon required the first parameter to be the name of
the root directory for the chroot. This allowed upload control by area,
but did not provide for different rules on a per-user basis.

Some versions of the daemon required the first parameter to be lexically
identical to the user's home directory entry. This was non-obvious and the
'/./' was often forgotten.

Some versions of the daemon got totally confused, attempted to apply both
these methods at once, and ended up ignoring all your upload rules. If you
were smart, you had your permissions set properly and didn't notice.

Early versions of the VR upgrades, and all earlier versions of the daemon,
allowed file system modification as the default for all users. The current
VR upgraded version does not allow any modification commands (ie., upload,
delete, rename) unless specifically granted in the ftpaccess file.

Early versions of the VR upgrades, and all earlier versions of the dameon,
had no method for specifying the permissions for a newly created directory.
Also, they required exact matches for the first parameter (no globbing) and
exact user and group names or numbers for ownership file files and
directories.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Mon Feb 22 15:28:27 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA28203;
Mon, 22 Feb 1999 15:28:26 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA04274;
Mon, 22 Feb 1999 15:24:42 -0600 (CST)
Received: from ueitm1.unisourcelink.com ([38.149.121.67])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA07742
for <[email protected]>; Mon, 22 Feb 1999 15:23:17 -0600 (CST)
Received: by UEITM1 with Internet Mail Service (5.5.1960.3)
id <1V0ZAP70>; Mon, 22 Feb 1999 16:28:09 -0500
Message-Id: <6BEE6C82D85BD211B4E700805F85A25D329676@PHLWAYM1>
Date: Mon, 22 Feb 1999 16:21:28 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Elliott, Don (Exton, PA)" <[email protected]>
To: "'[email protected]'" <[email protected]>
Cc: "'wuftp'" <[email protected]>
Subject: RE: BeroFTPD configure prob. (HPUX 11.00)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="---- =_NextPart_001_01BE5EAA.1A794670"
X-Mailer: Internet Mail Service (5.5.1960.3)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------ =_NextPart_001_01BE5EAA.1A794670
Content-Type: text/plain

Albert,

I recall the problem you had. And that you were able to work around it.
I'm just a little nervous about hacking out the "wtmpx" stuff due to the
fact that I'm not sure if it could make a mess on the security side of
things...

I've also tried to build VR14 on this very same system (HPUX 11.00 -
gcc-2.8.1 - GNU binutils), and could never get further than the initial
"build" command, "./build CC=gcc hpx". I get the following when I run
this:

**************begins here****************
Making support library.
gcc -O -c snprintf.c
snprintf.c:121: conflicting types for `snprintf'
/usr/local/lib/gcc-lib/hppa1.0-hp-hpux11.00/2.8.1/include/stdio.h:447:
previous
declaration of `snprintf'
make: *** [snprintf.o] Error 1

Making ftpd.
gcc -Aa -Dunix -D_HPUX_SOURCE -O +Onolimit -I.. -I../support +DAportable
-c f
tpd.c -o ftpd.o
gcc: cannot specify -o with -c and multiple compilations
make: *** [ftpd.o] Error 1

***************end here*****************

These errors continue on...

I'm truly at a loss right now as I can't get either the VR14 or the
BeroFTPD package to build or compile properly.

If anyone has any ideas on what I can do to get things going please feel
free to let me know...

Also, as an aside, I did a "find . -name "wtmpx*" on my system, and came
up with nothing.

Thanks in advance,

Don

> ----------
> From: [email protected][SMTP:[email protected]]
> Sent: Monday, February 22, 1999 2:32 PM
> To: [email protected]
> Cc: "'[email protected]'"@nuinfo.nwu.edu;
> [email protected]; [email protected]
> Subject: Re: BeroFTPD configure prob. (HPUX 11.00)
>
> I wound up not using that build in production, but going with VR14,
> so there may be other issues. Note also the patch to
> fix the declaration of defumask posted 2/17/99 with
> Subject: Re:wu-ftpd-2.4.2-beta-18-vr14 and HP-UX (fwd)
>
> (I _can_ find a /var/adm/wtmpx file on my system but it is
> small and the last mod date in not recent.)
>
> --
> Albert Lunde [email protected]
>

------ =_NextPart_001_01BE5EAA.1A794670
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.1960.3">
<TITLE>RE: BeroFTPD configure prob. (HPUX 11.00)</TITLE>
</HEAD>
<BODY>

Albert,


I recall the =
problem you had. And that you were able to work around it. I'm just a =
little nervous about hacking out the "wtmpx" stuff due to the =
fact that I'm not sure if it could make a mess on the security side of =
things...

I've also tried to =
build VR14 on this very same system (HPUX 11.00 - gcc-2.8.1 - GNU =
binutils), and could never get further than the initial =
"build" command, "./build CC=3Dgcc hpx". I get the =
following when I run this:

**************begins here****************
 Making support =
library.
 gcc =
-O   -c snprintf.c
 snprintf.c:121: =
conflicting types for `snprintf'
 /usr/local/lib/gcc-lib/hppa1.0-hp-hpux11.00/2.8.1/inclu=
de/stdio.h:447: previous
 declaration of =
`snprintf'
 make: *** =
[snprintf.o] Error 1


Making =
ftpd.
 gcc -Aa -Dunix =
-D_HPUX_SOURCE -O +Onolimit -I.. -I../support =
+DAportable    -c f
 tpd.c -o =
ftpd.o
 gcc: cannot =
specify -o with -c and multiple compilations
 make: *** =
[ftpd.o] Error 1


***************end =
here*****************


These errors =
continue on...


I'm truly at a =
loss right now as I can't get either the VR14 or the BeroFTPD package =
to build or compile properly.


If anyone has any =
ideas on what I can do to get things going please feel free to let me =
know...


Also, as an aside, =
I did a "find . -name "wtmpx*" on my system, and came up =
with nothing.


Thanks in =
advance,


Don

<UL>
----------
 From:   =
[email protected][SMTP:[email protected]]
 Sent:   =
Monday, February 22, 1999 2:32 =
PM
 To: =
    [email protected]
 Cc: =
    "'[email protected]'"@nuinfo.nwu.edu; =
[email protected]; [email protected]

Subject: =
       Re: BeroFTPD configure prob. (HPUX 11.00)


I wound up not using that build in =
production, but going with VR14,
 so there may be other issues. Note =
also the patch to
 fix the declaration of defumask =
posted 2/17/99 with
 Subject: =
Re:wu-ftpd-2.4.2-beta-18-vr14 and HP-UX (fwd)


(I _can_ find a /var/adm/wtmpx file on =
my system but it is
 small and the last mod date in not =
recent.)


--
     Albert =
Lunde           &=
nbsp;          =
[email protected]

</UL>
</BODY>
</HTML>
------ =_NextPart_001_01BE5EAA.1A794670--

From [email protected] Tue Feb 23 09:11:35 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA27491;
Tue, 23 Feb 1999 09:11:34 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA19800;
Tue, 23 Feb 1999 09:01:40 -0600 (CST)
Received: from woodfin.cs.unca.edu (woodfin.cs.unca.edu [152.18.35.7])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id IAA29528
for <[email protected]>; Tue, 23 Feb 1999 08:53:58 -0600 (CST)
Received: from hendersonville.cs.unca.edu (hendersonville.cs.unca.edu [152.18.35.85])
by woodfin.cs.unca.edu (8.9.2/8.9.2) with ESMTP id JAA05742;
Tue, 23 Feb 1999 09:53:56 -0500 (EST)
Received: (from benites@localhost)
by hendersonville.cs.unca.edu (8.9.2/8.9.2) id JAA15208;
Tue, 23 Feb 1999 09:53:56 -0500 (EST)
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 09:53:56 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Robert Benites <[email protected]>
To: [email protected]
Subject: Thanks and Question
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Thanks to Gregory A Lundberg <[email protected]> for his great
HowTo document about uploading!

I just installed wu-ftpd-2.4.2-beta-18-vr14 on a Digital UNIX 4.0D
(patch kit #3).

My questions regards the fact I find the ftpd man page confusing. If I
have the following entry in /etc/inted.conf:

ftp stream tcp nowait root /usr/local/etc/wuftpd/ftpd ftpd -a -t180 -i -o

should log all transmissions to the xferlog.

For consistency it seems I should be able to force the session log to
the xferlog too. But using the -l option still forces the logging to
syslog.

Is this just the way it works, ie. that you can't send the session log
to the xferlog, or am I missing something?

Thanks!

-- Bob

From [email protected] Tue Feb 23 09:34:01 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA27831;
Tue, 23 Feb 1999 09:34:00 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA18239;
Tue, 23 Feb 1999 09:30:30 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA23887
for <[email protected]>; Tue, 23 Feb 1999 09:24:17 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id KAA13962;
Tue, 23 Feb 1999 10:24:05 -0500
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 10:24:04 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Robert Benites <[email protected]>
Cc: [email protected]
Subject: Re: Thanks and Question
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 23 Feb 1999, Robert Benites wrote:

> Thanks to Gregory A Lundberg <[email protected]> for his great
> HowTo document about uploading!

*blush*

> My questions regards the fact I find the ftpd man page confusing. If I
> have the following entry in /etc/inted.conf:
>
> ftp stream tcp nowait root /usr/local/etc/wuftpd/ftpd ftpd -a -t180 -i -o
>
> should log all transmissions to the xferlog.
>
> For consistency it seems I should be able to force the session log to
> the xferlog too. But using the -l option still forces the logging to
> syslog.
>
> Is this just the way it works, ie. that you can't send the session log
> to the xferlog, or am I missing something?

I'd add -l to the command line.

I'd also add the following to your ftpaccess:

log transfers real,anonymous,guest inbound,outbound
log security real,anonymous,guest

If you want to see the commands as well, add

log commands real,anonymous,guest

this can make your log a bit large, so be sure it rotates properly and
often.

Plus, if you want to use syslog instead of xferlog, add

log syslog

If you do this, though, you'll have to hack up xferstats to use the
syslog. It's handy, though, if you have several servers or have a syslog
deaddrop.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 23 10:08:33 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA28232;
Tue, 23 Feb 1999 10:08:32 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA06012;
Tue, 23 Feb 1999 10:04:32 -0600 (CST)
Received: from mail1.ihs.com (mail1.ihs.com [170.207.70.222])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA16941
for <[email protected]>; Tue, 23 Feb 1999 09:58:37 -0600 (CST)
Received: from is51 (is51.ihs.com [170.207.70.51])
by mail1.ihs.com (8.9.1/8.9.1) with SMTP id IAA03604;
Tue, 23 Feb 1999 08:43:28 -0700 (MST)
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 08:42:20 -0700 (MST)
Reply-To: Alan Neiman <[email protected]>
Sender: [email protected]
From: Alan Neiman <[email protected]>
To: [email protected], [email protected]
Subject: wuftp
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: qb73Lcx4Wvt8pVU6OI7/Lw==
X-Mailer: dtmail 1.3.0 CDE Version 1.3 SunOS 5.7 sun4u sparc
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Is there anyway to do some kind of login script when a user logs into a wu-ftp
server. We want to setup quotas, and would like to notify the user how much
space they have available when they log in.

thanks

Alan Neiman
[email protected]
Unix System Administrator
Information Handling Services
--------------------------------------------------------------

** 1997 & 1998 World Champions **

17 & 2 -- Simply The Best -- The Broncos -- The Denver Broncos

** 1997 & 1998 World Champions **

--------------------------------------------------------------

From [email protected] Tue Feb 23 10:09:36 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA28255;
Tue, 23 Feb 1999 10:09:35 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA14398;
Tue, 23 Feb 1999 10:06:04 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA20019
for <[email protected]>; Tue, 23 Feb 1999 09:59:06 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id KAA14240;
Tue, 23 Feb 1999 10:58:58 -0500
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 10:58:58 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Alan Neiman <[email protected]>
Cc: [email protected]
Subject: Re: wuftp
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 23 Feb 1999, Alan Neiman wrote:

> Is there anyway to do some kind of login script when a user logs into
> a wu-ftp server. We want to setup quotas, and would like to notify
> the user how much space they have available when they log in.

You'll need the daemon with quota support compiled in.

Just create a login message file for the users showing the quotas.

Automounting will probably require hacking the daemon source code. I've
heard of some places doing it. I presume they either have everything
mounted or have hacked the daemon to do it.

Interesting thought though .. *scribbles notes in his TODO*

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 23 10:20:45 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA28393;
Tue, 23 Feb 1999 10:20:44 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA30148;
Tue, 23 Feb 1999 10:17:22 -0600 (CST)
Received: from icarus.yml.com ([email protected] [207.226.52.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA23873
for <[email protected]>; Tue, 23 Feb 1999 10:12:29 -0600 (CST)
Received: from localhost (buffalo@localhost)
by icarus.yml.com (8.8.7/8.8.7) with ESMTP id LAA19129
for <[email protected]>; Tue, 23 Feb 1999 11:12:07 -0500
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 11:12:06 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: [email protected]
To: [email protected]
Subject: Security Patch/New Version?
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Has a patch been issued for wu-ftpd(18), or is there a new released
version that fixes the recently announced security hole? I found the fix
for RedHat linux, but need to address this on our Solaris boxes as well...

TIA,

--Duncan

From [email protected] Tue Feb 23 10:40:44 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA28650;
Tue, 23 Feb 1999 10:40:43 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA22140;
Tue, 23 Feb 1999 10:36:51 -0600 (CST)
Received: from aristo.tau.ac.il ([email protected] [132.66.32.10])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA13232
for <[email protected]>; Tue, 23 Feb 1999 10:31:52 -0600 (CST)
Received: by aristo.tau.ac.il (Postfix, from userid 20001)
id 2441E3810C; Tue, 23 Feb 1999 18:31:40 +0200 (IST)
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 18:31:40 +0200
Reply-To: [email protected]
Sender: [email protected]
From: Eilon Gishri <[email protected]>
To: Gregory A Lundberg <[email protected]>
Cc: Alan Neiman <[email protected]>, [email protected]
Subject: Re: wuftp
In-Reply-To: <[email protected]>; from Gregory A Lundberg on Tue, Feb 23, 1999 at 10:58:58AM -0500
References: <[email protected]> <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, Feb 23, 1999 at 10:58:58AM -0500, Gregory A Lundberg wrote:
> On Tue, 23 Feb 1999, Alan Neiman wrote:
>
> > Is there anyway to do some kind of login script when a user logs into
> > a wu-ftp server. We want to setup quotas, and would like to notify
> > the user how much space they have available when they log in.
>
> You'll need the daemon with quota support compiled in.
>
> Just create a login message file for the users showing the quotas.
>
> Automounting will probably require hacking the daemon source code. I've
> heard of some places doing it. I presume they either have everything
> mounted or have hacked the daemon to do it.
>
If you're referring to NFS, I've played with RPC to support rquotad not
long ago but haven't had time to release anything to the public. I'll
try to do something useful about it this week and have something ready
with your VR patches next week.

I currently have access to AIX 4.x, BSDI 2.x, Digital Unix, SunOS, Solaris,
Linux and Irix. If you have anything abnormally (i.e doesn't use mnttab)
please let me know about it so I'll be able to add support for it too.

--
Eilon Gishri [email protected]
Security Consultant Office: +972-3-6406723
Israel Inter University Computation Center Fax: +972-3-6409118
/* On a matter of national security */ Home: +972-3-5078671

From [email protected] Tue Feb 23 10:59:24 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA28849;
Tue, 23 Feb 1999 10:59:23 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA30879;
Tue, 23 Feb 1999 10:55:59 -0600 (CST)
Received: from mail-atm.nycap.rr.com ([email protected] [24.92.32.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA17988
for <[email protected]>; Tue, 23 Feb 1999 10:51:48 -0600 (CST)
Received: from yua2.nycap.rr.com (cisco-56-184.nycap.rr.com [24.92.56.184])
by mail-atm.nycap.rr.com (8.9.1/8.9.1) with SMTP id LAA15889
for <[email protected]>; Tue, 23 Feb 1999 11:51:44 -0500 (EST)
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 11:53:05 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Alex Yu <[email protected]>
To: [email protected]
Subject: Re: wuftp
In-Reply-To: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

At 08:42 AM 1999/2/23 -0700, you wrote:

>Is there anyway to do some kind of login script when a user logs into a
wu-ftp
>server. We want to setup quotas, and would like to notify the user how much

i don't think so. either modify the source or get glftpd (www.glftpd.com).

alex

From [email protected] Tue Feb 23 11:19:29 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA29134;
Tue, 23 Feb 1999 11:19:28 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA07156;
Tue, 23 Feb 1999 11:15:49 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA06318
for <[email protected]>; Tue, 23 Feb 1999 11:11:34 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id MAA14963;
Tue, 23 Feb 1999 12:11:29 -0500
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 12:11:28 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Alex Yu <[email protected]>
Cc: [email protected]
Subject: Re: wuftp
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 23 Feb 1999, Alex Yu wrote:

> >Is there anyway to do some kind of login script when a user logs into
> >a wu-ftp server. We want to setup quotas, and would like to notify
> >the user how much
>
> i don't think so. either modify the source or get glftpd (www.glftpd.com).

*sigh* RTFM

If you follow CERT advisories, you've upgraded. If you've upgraded, your
ftpaccess manpage says:

message <path> {<when> {<class> ...}}

Define a file with <path> such that ftpd will display the contents of the
file to the user login time or upon using the change working directory
command. The <when> parameter may be "LOGIN" or "CWD=<dir>". If <when>
is "CWD=<dir>", <dir> specifies the new default directory which will
trigger the notification.

The optional <class> specification allows the message to be displayed only
to members of a particular class. More than one class may be specified.

There can be "magic cookies" in the readme file which cause the ftp server
to replace the cookie with a specified text string:

%T local time (form Thu Nov 15 17:12:42 1990)
%F free space in partition of CWD (kbytes)
[not supported on all systems]
%C current working directory
%E the maintainer's email address as defined in ftpaccess
%R remote host name
%L local host name
%u username as determined via RFC931 authentication
%U username given at login time
%M maximum allowed number of users in this class
%N current number of users in this class
%B absolute limit on disk blocks allocated
%b preferred limit on disk blocks
%Q current block count
%I maximum number of allocated inodes (+1)
%i preferred inode limit
%q current number of allocated inodes
%H time limit for excessive disk use
%h time limit for excessive files

The message will only be displayed once to avoid annoying the user.
Remember that when MESSAGEs are triggered by an anonymous FTP user, the
<path> must be relative to the base of the anonymous FTP directory tree.

--

The last 8 magic cookies are what he wants.

This handles his request to display the quotas. If he needs to
automagically mount the user's home during login, it shouldn't be too hard
to hack into src/ftpd.c to put the needed code into pass() once the user
has authenticated and prior to chroot'ing if the user is a guest.

Automatic unmounting may be a problem, though. Which may explain why
nobody's talked about doing this .. it's probably easier to mount all the
homes all the time and not worry about it.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 23 11:25:46 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA29209;
Tue, 23 Feb 1999 11:25:45 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA06087;
Tue, 23 Feb 1999 11:21:55 -0600 (CST)
Received: from stout.avnet.com (stout.avnet.com [12.9.139.171])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA11315
for <[email protected]>; Tue, 23 Feb 1999 11:20:45 -0600 (CST)
Received: from dev.avnet.com ([email protected] [12.9.139.43])
by stout.avnet.com (8.9.0.Beta3/8.9.0.Beta3) with ESMTP id KAA09475
for <[email protected]>; Tue, 23 Feb 1999 10:20:11 -0700 (MST)
Received: from az101-nt-imc1.avnet.com (az101-nt-imc1.avnet.com [10.2.248.13])
by dev.avnet.com (8.8.6 (PHNE_14041)/8.8.6) with ESMTP id KAA17069
for <[email protected]>; Tue, 23 Feb 1999 10:20:08 -0700 (MST)
Received: by az101-nt-imc1.avnet.com with Internet Mail Service (5.0.1460.8)
id <FM0C546A>; Tue, 23 Feb 1999 10:20:08 -0700
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 10:20:05 -0700
Reply-To: [email protected]
Sender: [email protected]
From: "Thunem, Tom" <[email protected]>
To: [email protected]
Subject: latest and most stable version
MIME-Version: 1.0
Content-Type: text/plain
X-Mailer: Internet Mail Service (5.0.1460.8)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

hello all,

a quick question. i am moving our FTP function to a new server. i am
wondering what the latest and MOST STABLE version of wu_ftpd is? i am
currently using wu-2.4.2-academ[BETA-17] on hpux 10.20. i will still be
running be on 10.20 after the move. i guess this is as good a time as any to
upgrade.

thx

Tom Thunem

From [email protected] Tue Feb 23 13:10:39 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA00789;
Tue, 23 Feb 1999 13:10:38 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA03470;
Tue, 23 Feb 1999 13:06:33 -0600 (CST)
Received: from xavier.ups.com (xavier.ups.com [198.80.14.117])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA15375
for <[email protected]>; Tue, 23 Feb 1999 13:04:53 -0600 (CST)
Received: from revere3.telecom.ups.com (smtp.field3.ups.com [153.2.0.205])
by xavier.ups.com (8.9.1a/8.9.1/UPS) with ESMTP id OAA10541
for <[email protected]>; Tue, 23 Feb 1999 14:04:21 -0500 (EST)
Received: from usnjrarpw0kc0 (localhost [127.0.0.1])
by revere3.telecom.ups.com (8.8.7/UPS) with SMTP id OAA10701
for <[email protected]>; Tue, 23 Feb 1999 14:04:20 -0500 (EST)
Received: by localhost with Microsoft MAPI; Tue, 23 Feb 1999 14:04:15 -0500
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 14:04:14 -0500
Reply-To: "[email protected]" <[email protected]>
Sender: [email protected]
From: Edward Perry <[email protected]>
To: "Wu-Ftpd (E-mail)" <[email protected]>
Subject: Creating an ftp mirror.
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

What I would like to do is copy all files from one system to another and
then add/remove newer files as they get transferred on or deleted on the
system. So I was hoping if there any public domain scripts, programs or
features for WU-FTP to mirror another sites contents like this. If there is
nothing built how about a few suggestions.
Thank You
Edward Perry

From [email protected] Tue Feb 23 13:29:02 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA01102;
Tue, 23 Feb 1999 13:29:01 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA06944;
Tue, 23 Feb 1999 13:25:26 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA19981
for <[email protected]>; Tue, 23 Feb 1999 13:24:27 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id OAA16390;
Tue, 23 Feb 1999 14:23:54 -0500
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 14:23:54 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Edward Perry <[email protected]>
Cc: "Wu-Ftpd (E-mail)" <[email protected]>
Subject: Re: Creating an ftp mirror.
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 23 Feb 1999, Edward Perry wrote:

> What I would like to do is copy all files from one system to another
> and then add/remove newer files as they get transferred on or deleted
> on the system. So I was hoping if there any public domain scripts,
> programs or features for WU-FTP to mirror another sites contents like
> this. If there is nothing built how about a few suggestions.

mirror

I have a copy here, or go looking.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 23 13:35:25 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA01194;
Tue, 23 Feb 1999 13:35:24 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA04014;
Tue, 23 Feb 1999 13:31:43 -0600 (CST)
Received: from bawhub1.british-airways.com (mail.british-airways.com [194.201.29.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA03437
for <[email protected]>; Tue, 23 Feb 1999 13:29:37 -0600 (CST)
Received: from baw-gw.british-airways.com by bawhub1.british-airways.com (X.400 to RFC822 Gateway); Tue, 23 Feb 1999 17:31:54 Z
Message-Id:
<"02D6836D2E5F90A7*/c=GB/admd=ATTMAIL/prmd=BA/o=British Airways PLC/ou=CORPLN1/s=Marson/g=Hamish/i=N/"@MHS>
Date: 23 Feb 1999 17:31:37 Z
Reply-To: [email protected]
Sender: [email protected]
From: "Marson, Hamish N" <[email protected]>
To: wu-ftpd <[email protected]>
Subject: SDI Auth & LDAP Auth...
Content-Identifier: 02D6836D2E5F90A7
Content-Return: Allowed
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

OK.

I'm almost finished putting SDI (Secure ID) authentication into wuftpd (Except changing to VR14 has meant that users now don't need to be in /etc/passwd to login... Whoops), and just starting ldap... (Looks easy as well).

Question is, is there a better place to put these extra authentication routines into ftpd, apart from ftpd.c in the pass() function... Should they go somewhere else? I found an authentiacte function in authenticate.c, but then pass() already has BSD auth & ordinary /etc/passwd authentication in there...

So should I make pass() big & long & complicated? or take the plunge & completely re-write the auth stuff (No thanks).... Or put it somewhere else?

I know people are asking for this, so I'd like to ge this done ASAP... (And I need it here too).

Hamish Marson.

From [email protected] Tue Feb 23 13:54:58 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA01420;
Tue, 23 Feb 1999 13:54:57 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA06592;
Tue, 23 Feb 1999 13:51:18 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA21594
for <[email protected]>; Tue, 23 Feb 1999 13:49:41 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id OAA16667;
Tue, 23 Feb 1999 14:49:08 -0500
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 14:49:08 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "Marson, Hamish N" <[email protected]>
Cc: wu-ftpd <[email protected]>
Subject: Re: SDI Auth & LDAP Auth...
In-Reply-To: <"02D6836D2E5F90A7*/c=GB/admd=ATTMAIL/prmd=BA/o=British Airways PLC/ou=CORPLN1/s=Marson/g=Hamish/i=N/"@MHS>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On 23 Feb 1999, Marson, Hamish N wrote:

> I'm almost finished putting SDI (Secure ID) authentication into wuftpd
> (Except changing to VR14 has meant that users now don't need to be in
> /etc/passwd to login... Whoops), and just starting ldap... (Looks easy
> as well).
>
> Question is, is there a better place to put these extra authentication
> routines into ftpd, apart from ftpd.c in the pass() function... Should
> they go somewhere else? I found an authentiacte function in
> authenticate.c, but then pass() already has BSD auth & ordinary
> /etc/passwd authentication in there...
>
> So should I make pass() big & long & complicated? or take the plunge &
> completely re-write the auth stuff (No thanks).... Or put it somewhere
> else?
>
> I know people are asking for this, so I'd like to ge this done ASAP...
> (And I need it here too).
>
> Hamish Marson.

I vote for you taking the plumg and rewriting the USER/PASS morass :)
I can even put my CVS tree where you can have commit rights to it if it'll
help.

Since you're probably as afraid of that area of the code as I am, I'd
suggest that you try to make the minimum changes to the USER/PASS
functions, and put as much as possible in external source files.

I don't understand your comment about users not needing to be in
/etc/passwd for VR14. BeroFTPD, maybe, but not VR14, unless you're doing
something special. Not that moving away from /etc/passwd is necessarily a
bad idea.

I've not seen any requests for SecureID, but I can see that people would
want it.

LDAP is definitely a FRF dating back several years.

My suggestion for doing all this the cleanest way possible would be to use
PAM; but I'm given to understand that PAM has not made much headway in
cross-platform support. Linux, Solaris and HP-UX, are all that support it
from what I understand.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 23 14:27:36 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA01852;
Tue, 23 Feb 1999 14:27:36 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA12845;
Tue, 23 Feb 1999 14:23:38 -0600 (CST)
Received: from bawhub1.british-airways.com (mail.british-airways.com [194.201.29.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA07962
for <[email protected]>; Tue, 23 Feb 1999 14:18:14 -0600 (CST)
Received: from baw-gw.british-airways.com by bawhub1.british-airways.com (X.400 to RFC822 Gateway); Tue, 23 Feb 1999 20:02:21 Z
Message-Id:
<"0687236D30949086*/c=GB/admd=ATTMAIL/prmd=BA/o=British Airways PLC/ou=CORPLN1/s=Marson/g=Hamish/i=N/"@MHS>
Date: 23 Feb 1999 20:02:17 Z
Reply-To: [email protected]
Sender: [email protected]
From: "Marson, Hamish N" <[email protected]>
To: lundberg <CN=lundberg/[email protected]>
Cc: wu-ftpd <[email protected]>
Subject: Re: SDI Auth & LDAP Auth...
Content-Identifier: 0687236D30949086
Content-Return: Allowed
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Ha ha... I knew someone would vote for a rewrite... I fixed the not needing to be in /etc/passwd problem. It stems from the HELP_CRACKERS code changes where it doesn't deny till the last minute... In the code I originally put the sdauth stuff into, it had kicked the user off already, so I was guaranteed to have been in /etc/passwd by the time the pass code got called... now it doesn't... That was easy to fix...

Now all I have to do is the ldap stuff...

The real change I have to thin about is MULTIPLE methods of authentication at the same time... Most OS'es have some way of saying this user does this auth, this one has this... Solaris has PAM, AIX has it's own way of doing it... I need to play with the code a bit to see if AIX's standard library calls for authentication work with ftp or not... I have a feeling they don't (Which will be a bit of a bummer).

H

lundberg/[email protected] on 23/02/99 19:43:00
To: Hamish N Marson
cc: wu-ftpd
bcc:
Subject: Re: SDI Auth & LDAP Auth...

On 23 Feb 1999, Marson, Hamish N wrote:

> I'm almost finished putting SDI (Secure ID) authentication into wuftpd
> (Except changing to VR14 has meant that users now don't need to be in
> /etc/passwd to login... Whoops), and just starting ldap... (Looks easy
> as well).
>
> Question is, is there a better place to put these extra authentication
> routines into ftpd, apart from ftpd.c in the pass() function... Should
> they go somewhere else? I found an authentiacte function in
> authenticate.c, but then pass() already has BSD auth & ordinary
> /etc/passwd authentication in there...
>
> So should I make pass() big & long & complicated? or take the plunge &
> completely re-write the auth stuff (No thanks).... Or put it somewhere
> else?
>
> I know people are asking for this, so I'd like to ge this done ASAP...
> (And I need it here too).
>
> Hamish Marson.

I vote for you taking the plumg and rewriting the USER/PASS morass :)
I can even put my CVS tree where you can have commit rights to it if it'll
help.

Since you're probably as afraid of that area of the code as I am, I'd
suggest that you try to make the minimum changes to the USER/PASS
functions, and put as much as possible in external source files.

I don't understand your comment about users not needing to be in
/etc/passwd for VR14. BeroFTPD, maybe, but not VR14, unless you're doing
something special. Not that moving away from /etc/passwd is necessarily a
bad idea.

I've not seen any requests for SecureID, but I can see that people would
want it.

LDAP is definitely a FRF dating back several years.

My suggestion for doing all this the cleanest way possible would be to use
PAM; but I'm given to understand that PAM has not made much headway in
cross-platform support. Linux, Solaris and HP-UX, are all that support it
from what I understand.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 23 16:09:01 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id QAA03407;
Tue, 23 Feb 1999 16:09:00 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA31159;
Tue, 23 Feb 1999 16:00:20 -0600 (CST)
Received: from oncidium.ireq.ca (oncidium.ireq.ca [204.19.71.2])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA31807
for <[email protected]>; Tue, 23 Feb 1999 15:57:09 -0600 (CST)
Received: id QAA17195; Tue, 23 Feb 1999 16:49:48 -0500
Received: by gateway id QAA16010
for <[email protected]>; Tue, 23 Feb 1999 16:51:30 -0500
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 16:51:29 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Marc Bourget <[email protected]>
To: [email protected]
Subject: Is there some doc on using wu-ftpd+ssleay
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="------------3EBB70F5647BE0FB5CB7B173"
X-Sender: [email protected]
X-Mailer: Mozilla 4.5 [en] (X11; I; Linux 2.2.1 i686)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

This is a multi-part message in MIME format.
--------------3EBB70F5647BE0FB5CB7B173
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi guys,

I'm looking for a little bit of doc or README files on seting up and
using wu-ftp+ssl. I'm hopping that someone knows where I can find this.
I would like to create a secure ftp connection from a Secure web site..

i.e.: How do we install it, modifications to config file, the port it
use, can we use it with netscape, etc...

Thank's

--
______________________________________________________________________
Marc Bourget (MB6350)
Informatique Tel.: +1 450 652-8191
IREQ - Institut de Recherche d'Hydro-Quebec Fax.: +1 450 652-8309

--------------3EBB70F5647BE0FB5CB7B173
Content-Type: text/x-vcard; charset=us-ascii;
name="bourget.marc.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Marc Bourget
Content-Disposition: attachment;
filename="bourget.marc.vcf"

begin:vcard
n:Bourget;Marc
tel;pager:+1 (514) 853-1691
tel;fax:+1 (450) 652-8309
tel;work:+1 (450) 652-8191
x-mozilla-html:TRUE
org:Institut de Recherche d'Hydro-Quebec;Informatique
adr:;;1800 boul. Lionel-Boulet;Varennes;Quebec;J3X 1S1;Canada
version:2.1
email;internet:[email protected]
title:Conseiller ressources informatiques
x-mozilla-cpt:;-31616
fn:Marc Bourget
end:vcard

--------------3EBB70F5647BE0FB5CB7B173--

From [email protected] Tue Feb 23 16:23:39 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id QAA03647;
Tue, 23 Feb 1999 16:23:38 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA25819;
Tue, 23 Feb 1999 16:19:50 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA03576
for <[email protected]>; Tue, 23 Feb 1999 16:13:53 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id RAA18479;
Tue, 23 Feb 1999 17:13:40 -0500
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 17:13:40 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Marc Bourget <[email protected]>
Cc: [email protected]
Subject: Re: Is there some doc on using wu-ftpd+ssleay
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 23 Feb 1999, Marc Bourget wrote:

> I'm looking for a little bit of doc or README files on seting up and
> using wu-ftp+ssl. I'm hopping that someone knows where I can find
> this. I would like to create a secure ftp connection from a Secure web
> site..
>
> i.e.: How do we install it, modifications to config file, the port it
> use, can we use it with netscape, etc...

Most of this should be available at the SSLeay site where the patches are
to be found. I never can remember the URL so I search Yahoo! for it.

I don't think you can use it with Netscape or IE without building a proxy
to tunnel the clear-text FTP session from the client.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Tue Feb 23 16:42:55 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id QAA03957;
Tue, 23 Feb 1999 16:42:54 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA11126;
Tue, 23 Feb 1999 16:39:23 -0600 (CST)
Received: from orr.pwgsc.gc.ca (orr.pwgsc.gc.ca [198.103.167.14])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA08153
for <[email protected]>; Tue, 23 Feb 1999 16:37:52 -0600 (CST)
Received: id RAA26195; Tue, 23 Feb 1999 17:18:43 -0500
Received: by gateway ???
Received: by gateway id RAA29687
for <[email protected]>; Tue, 23 Feb 1999 17:11:33 -0500 (EST)
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 17:18:03 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Robertson, Rocke" <[email protected]>
To: wuftpd <[email protected]>
Subject: VR14 problem --> DIR causing the problem.
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.03 [en] (WinNT; U)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Follow up to GUI client not seeing files that have names that start with
a letter. Its a DIR thing. DIR doesn't seem to list files that start
with a letter, but a ls will. This is only happening to one subdir
buried about 9 subdirs deep. There are about 50 file that start with
number, and they all get listed.

Any idea's

Thanks
--
Rocke Robertson
PWGSC/GTIS
(613)991-2604
[email protected]

From [email protected] Tue Feb 23 19:38:41 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id TAA05970;
Tue, 23 Feb 1999 19:38:40 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id TAA23310;
Tue, 23 Feb 1999 19:35:14 -0600 (CST)
Received: from mail-atm.nycap.rr.com ([email protected] [24.92.32.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id TAA03808
for <[email protected]>; Tue, 23 Feb 1999 19:33:34 -0600 (CST)
Received: from yua2.nycap.rr.com (cisco-56-184.nycap.rr.com [24.92.56.184])
by mail-atm.nycap.rr.com (8.9.1/8.9.1) with SMTP id UAA13615
for <[email protected]>; Tue, 23 Feb 1999 20:33:30 -0500 (EST)
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 20:34:53 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Alex Yu <[email protected]>
To: [email protected]
Subject: Re: Is there some doc on using wu-ftpd+ssleay
In-Reply-To: <[email protected]>
References: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

At 05:13 PM 1999/2/23 -0500, you wrote:

>Most of this should be available at the SSLeay site where the patches are
>to be found. I never can remember the URL so I search Yahoo! for it.

how is exactly that wu-ftpd + ssl work? do users have to use special
client? can you provide more information? thanks!

alex yu

From [email protected] Tue Feb 23 22:15:27 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id WAA07623;
Tue, 23 Feb 1999 22:15:26 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id WAA20178;
Tue, 23 Feb 1999 22:11:45 -0600 (CST)
Received: from orr.pwgsc.gc.ca (orr.pwgsc.gc.ca [198.103.167.14])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id WAA02750
for <[email protected]>; Tue, 23 Feb 1999 22:04:52 -0600 (CST)
Received: id QAA24007; Tue, 23 Feb 1999 16:20:46 -0500
Received: by gateway id QAA29058
for <[email protected]>; Tue, 23 Feb 1999 16:11:46 -0500 (EST)
Message-Id: <[email protected]>
Date: Tue, 23 Feb 1999 16:18:15 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Robertson, Rocke" <[email protected]>
To: wuftpd <[email protected]>
Subject: VR14 caused a strange problem to occur.
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.03 [en] (WinNT; U)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Very odd problem. GUI based clients, including Netscape, IE, WS_FTP
etc... can only see file names that start with a number. ??? If I ftp
from an character based Unix or DOS client I can see all files. ? This
is only happening in one subdir to one account so far.

Has anyone seen this behaviour before. If I put the old beta18 back in,
I can see everything. This is running on a Solaris 2.5.1 sytsem.

Any ideas would be appreciated.

~rocker
--
Rocke Robertson
PWGSC/GTIS
(613)991-2604
[email protected]

From [email protected] Wed Feb 24 05:53:07 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id FAA11029;
Wed, 24 Feb 1999 05:53:06 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id FAA22603;
Wed, 24 Feb 1999 05:48:22 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id FAA02787
for <[email protected]>; Wed, 24 Feb 1999 05:33:25 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id GAA24642;
Wed, 24 Feb 1999 06:33:03 -0500
Message-Id: <[email protected]>
Date: Wed, 24 Feb 1999 06:33:03 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Alex Yu <[email protected]>
Cc: [email protected]
Subject: Re: Is there some doc on using wu-ftpd+ssleay
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Tue, 23 Feb 1999, Alex Yu wrote:

> how is exactly that wu-ftpd + ssl work?

Read the SSL specifications at Netscape and what documentation comes with
the patches. The work is patches against an old version of wu-ftpd,
beta-13 as I recall. ISTR someone saying they'd updated them for a more
recent version.

> do users have to use special client?

Yes. There are patches for the BSD client at the SSLeay site. ISTR
someone saying they offerred a for-pay client as well. So far as I know,
those are the only two clients which support it, although I expect there's
one or two more commercial clients out there.

> can you provide more information?

Since it's not used very much (if at all) I've never done more than a
quick look. Also, since I'm in the US and don't want to bother with ITAR,
I can't work on it and make my code public.

If you have need to securely transfer files between servers, I recommend
SSH scp. For use by the general public I'd suggest using HTTP+SSL, since
clients for that protocol _are_ in wide-spread use (as are clients for
NNTP+SSL, IMAP+SSL and POP+SSL).

The FTP protocol does not lend itself to SSL since, in a full
implementation, both the client and the server require _server_
certificates. The FTP Security Extensions (RFC 2228) address these
issues. BeroFTPD supports RFC2228 as do a number of clients.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Wed Feb 24 11:08:47 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA14788;
Wed, 24 Feb 1999 11:08:45 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA26955;
Wed, 24 Feb 1999 11:03:29 -0600 (CST)
Received: from pc01.ext.miyake.org (pc01.ext.miyake.org [210.154.2.83])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA06620
for <[email protected]>; Wed, 24 Feb 1999 11:01:07 -0600 (CST)
Received: from pc04.int.miyake.org (pc04.int.miyake.org [210.154.2.92])
by pc01.ext.miyake.org (8.8.8/3.6W-pc01-1.5) with ESMTP id CAA12757
for <[email protected]>; Thu, 25 Feb 1999 02:01:03 +0900
Received: from pc04.int.miyake.org (localhost [127.0.0.1])
by pc04.int.miyake.org (8.8.8/3.6W-pc04-1.3) with ESMTP id CAA08021
for <[email protected]>; Thu, 25 Feb 1999 02:01:03 +0900 (JST)
Message-Id: <[email protected]>
Date: Thu, 25 Feb 1999 02:01:03 +0900
Reply-To: [email protected]
Sender: [email protected]
From: Kenji Miyake <[email protected]>
To: [email protected]
Subject: s/key and fetch
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mew version 1.70 on Emacs 19.28.1 / Mule 2.3
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hello,

I'm trying to use wu-ftpd-2.4.2-beta-18-vr14(with SKEY
support) between fetch 3.0.3 (macintosh ftp client) but no work.
because fetch doesn't recognize s/key challenge phrase
(wu-ftpd-2.4.2-beta-14 or early version are parse correctly)

--- ftpd.c.org Sun Feb 21 02:38:14 1999
+++ ftpd.c Wed Feb 24 06:01:06 1999
@@ -1382,34 +1382,6 @@
return(&save);
#endif
}
-#if defined(SKEY) && !defined(__NetBSD__)
-/*
- * From Wietse Venema, Eindhoven University of Technology.
- */
-/* skey_challenge - additional password prompt stuff */
-#ifdef __STDC__
-char *skey_challenge(char *name, struct passwd *pwd, int pwok)
-#else
-char *skey_challenge(name, pwd, pwok)
-char *name;
-struct passwd *pwd;
-int pwok;
-#endif
-{
- static char buf[128];
- char sbuf[40];
- struct skey skey;
-
- /* Display s/key challenge where appropriate. */
-
- if (pwd == NULL || skeychallenge(&skey, pwd->pw_name, sbuf))
- sprintf(buf, "Password required for %s.", name);
- else
- sprintf(buf, "%s %s for %s.", sbuf,
- pwok ? "allowed" : "required", name);
- return (buf);
-}
-#endif
int login_attempts; /* number of failed login attempts */
int askpasswd; /* had user command, ask for passwd */
#ifndef HELP_CRACKERS
@@ -1482,6 +1454,10 @@
extern int ext_auth;
extern char *start_auth();
#endif
+#ifdef SKEY
+ char sbuf[40];
+ struct skey skey;
+#endif

/* H* fix: if we're logged in at all, we can't log in again. */
if (logged_in) {
@@ -1847,7 +1823,12 @@
/* this is the new way */
pwok = skeyaccess(pw, NULL, remotehost, remoteaddr);
#endif
- reply(331, "%s", skey_challenge(name, pw, pwok));
+ if (pw == NULL || skeychallenge(&skey, pw->pw_name, sbuf))
+ reply(331, "Password required for %s.", name);
+ else {
+ lreply(331, "s/key %s for %s.", pwok ? "allowed" : "required", pw->pw_name);
+ reply(331, "%s", sbuf);
+ }
#else
if (skey_haskey(name) == 0) {
char *myskey;

From [email protected] Wed Feb 24 12:04:36 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA15484;
Wed, 24 Feb 1999 12:04:36 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA06668;
Wed, 24 Feb 1999 12:01:16 -0600 (CST)
Received: from star.ayamura.org ([email protected] [202.26.20.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA29981
for <[email protected]>; Wed, 24 Feb 1999 11:58:07 -0600 (CST)
Received: (from ayamura@localhost)
by star.ayamura.org (8.9.3/8.9.3) id CAA13345;
Thu, 25 Feb 1999 02:58:01 +0900 (JST)
env-from (ayamura)
Message-Id: <[email protected]>
Date: 25 Feb 1999 02:58:00 +0900
Reply-To: [email protected]
Sender: [email protected]
From: Ayamura Kikuchi <[email protected]>
To: [email protected]
Subject: Re: s/key and fetch
In-Reply-To: <[email protected]>
References: <[email protected]>
MIME-Version: 1.0 (generated by SEMI 1.13.2 - "Mikawa")
Content-Type: text/plain; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> because fetch doesn't recognize s/key challenge phrase

> + lreply(331, "s/key %s for %s.", pwok ? "allowed" : "required", pw->pw_name);

No. This is a matter of your OTP library.

-- ayamura

From [email protected] Wed Feb 24 12:48:18 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA16087;
Wed, 24 Feb 1999 12:48:11 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA20912;
Wed, 24 Feb 1999 12:40:28 -0600 (CST)
Received: from pc01.ext.miyake.org (pc01.ext.miyake.org [210.154.2.83])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA23202
for <[email protected]>; Wed, 24 Feb 1999 12:36:49 -0600 (CST)
Received: from pc04.int.miyake.org (pc04.int.miyake.org [210.154.2.92])
by pc01.ext.miyake.org (8.8.8/3.6W-pc01-1.5) with ESMTP id DAA13245
for <[email protected]>; Thu, 25 Feb 1999 03:36:46 +0900
Received: from pc04.int.miyake.org (localhost [127.0.0.1])
by pc04.int.miyake.org (8.8.8/3.6W-pc04-1.3) with ESMTP id DAA08386
for <[email protected]>; Thu, 25 Feb 1999 03:36:46 +0900 (JST)
Message-Id: <[email protected]>
Date: Thu, 25 Feb 1999 03:36:46 +0900
Reply-To: [email protected]
Sender: [email protected]
From: Kenji Miyake <[email protected]>
To: [email protected]
Subject: Re: s/key and fetch
In-Reply-To: Your message of "25 Feb 1999 02:58:00 +0900"
References: <[email protected]>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mew version 1.70 on Emacs 19.28.1 / Mule 2.3
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

From: Ayamura Kikuchi <[email protected]>
Subject: Re: s/key and fetch
Date: 25 Feb 1999 02:58:00 +0900

> > because fetch doesn't recognize s/key challenge phrase
>
> > + lreply(331, "s/key %s for %s.", pwok ? "allowed" : "required", pw->pw_name);
>
> No. This is a matter of your OTP library.

I'm build wu-ftpd with logdaemon-5.6 and make status code to

331 s/key 98 xx999999

was recognized but

331 s/key 98 xx999999 allowd for user.

was not.

fetch may fail to find end of challenge phrase.

From [email protected] Wed Feb 24 13:24:41 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA16546;
Wed, 24 Feb 1999 13:24:40 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA11867;
Wed, 24 Feb 1999 13:19:32 -0600 (CST)
Received: from star.ayamura.org ([email protected] [202.26.20.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA20987
for <[email protected]>; Wed, 24 Feb 1999 13:13:47 -0600 (CST)
Received: (from ayamura@localhost)
by star.ayamura.org (8.9.3/8.9.3) id EAA25303;
Thu, 25 Feb 1999 04:13:45 +0900 (JST)
env-from (ayamura)
Message-Id: <[email protected]>
Date: 25 Feb 1999 04:13:45 +0900
Reply-To: [email protected]
Sender: [email protected]
From: Ayamura Kikuchi <[email protected]>
To: [email protected]
Subject: Re: s/key and fetch
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
MIME-Version: 1.0 (generated by SEMI 1.13.2 - "Mikawa")
Content-Type: text/plain; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> 331 s/key 98 xx999999
>
> was recognized but
>
> 331 s/key 98 xx999999 allowd for user.
>
> was not.

The string "s/key" should not be used as the first token of the
challenge. The syntax of the challenge should be:
otp-<algorithm identifier> <sequence integer> <seed>

An example of an OTP challenge is:
otp-md5 123 bar

-- ayamura

From [email protected] Wed Feb 24 13:49:07 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA16896;
Wed, 24 Feb 1999 13:49:06 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA22761;
Wed, 24 Feb 1999 13:45:27 -0600 (CST)
Received: from pc01.ext.miyake.org (pc01.ext.miyake.org [210.154.2.83])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA07818
for <[email protected]>; Wed, 24 Feb 1999 13:41:05 -0600 (CST)
Received: from pc04.int.miyake.org (pc04.int.miyake.org [210.154.2.92])
by pc01.ext.miyake.org (8.8.8/3.6W-pc01-1.5) with ESMTP id EAA13551
for <[email protected]>; Thu, 25 Feb 1999 04:41:02 +0900
Received: from pc04.int.miyake.org (localhost [127.0.0.1])
by pc04.int.miyake.org (8.8.8/3.6W-pc04-1.3) with ESMTP id EAA09715
for <[email protected]>; Thu, 25 Feb 1999 04:41:02 +0900 (JST)
Message-Id: <[email protected]>
Date: Thu, 25 Feb 1999 04:41:02 +0900
Reply-To: [email protected]
Sender: [email protected]
From: Kenji Miyake <[email protected]>
To: [email protected]
Subject: Re: s/key and fetch
In-Reply-To: Your message of "25 Feb 1999 04:13:45 +0900"
References: <[email protected]>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mew version 1.70 on Emacs 19.28.1 / Mule 2.3
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

From: Ayamura Kikuchi <[email protected]>
Subject: Re: s/key and fetch
Date: 25 Feb 1999 04:13:45 +0900

> > 331 s/key 98 xx999999
> >
> > was recognized but
> >
> > 331 s/key 98 xx999999 allowd for user.
> >
> > was not.
>
> The string "s/key" should not be used as the first token of the
> challenge. The syntax of the challenge should be:
> otp-<algorithm identifier> <sequence integer> <seed>
>
> An example of an OTP challenge is:
> otp-md5 123 bar

These require for OPIE options.

s/key require string "s/key".

From [email protected] Wed Feb 24 14:04:02 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA17176;
Wed, 24 Feb 1999 14:04:01 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA13901;
Wed, 24 Feb 1999 13:59:07 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA14938
for <[email protected]>; Wed, 24 Feb 1999 13:57:04 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id OAA28848;
Wed, 24 Feb 1999 14:56:54 -0500
Message-Id: <[email protected]>
Date: Wed, 24 Feb 1999 14:56:53 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Kenji Miyake <[email protected]>
Cc: [email protected]
Subject: Re: s/key and fetch
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

OPIE is not S/Key. Your patch was for S/Key authentication.

VR15 will include fixes for OPIE along the lines you're talking about.

On Thu, 25 Feb 1999, Kenji Miyake wrote:

> > > 331 s/key 98 xx999999
> > >
> > > was recognized but
> > >
> > > 331 s/key 98 xx999999 allowd for user.
> > >
> > > was not.
> >
> > The string "s/key" should not be used as the first token of the
> > challenge. The syntax of the challenge should be:
> > otp-<algorithm identifier> <sequence integer> <seed>
> >
> > An example of an OTP challenge is:
> > otp-md5 123 bar
>
> These require for OPIE options.
>
> s/key require string "s/key".
>

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Wed Feb 24 14:15:36 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA17362;
Wed, 24 Feb 1999 14:15:35 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA21376;
Wed, 24 Feb 1999 14:12:12 -0600 (CST)
Received: from star.ayamura.org ([email protected] [202.26.20.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA04217
for <[email protected]>; Wed, 24 Feb 1999 14:06:22 -0600 (CST)
Received: (from ayamura@localhost)
by star.ayamura.org (8.9.3/8.9.3) id FAA26969;
Thu, 25 Feb 1999 05:06:13 +0900 (JST)
env-from (ayamura)
Message-Id: <[email protected]>
Date: 25 Feb 1999 05:06:13 +0900
Reply-To: [email protected]
Sender: [email protected]
From: Ayamura Kikuchi <[email protected]>
To: [email protected]
Subject: Re: s/key and fetch
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
MIME-Version: 1.0 (generated by SEMI 1.13.2 - "Mikawa")
Content-Type: text/plain; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> These require for OPIE options.
>
> s/key require string "s/key".

See RFC2243 (Standards Track) and so on.

-- ayamura

From [email protected] Wed Feb 24 14:37:29 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA17648;
Wed, 24 Feb 1999 14:37:28 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA25256;
Wed, 24 Feb 1999 14:31:21 -0600 (CST)
Received: from iloginc.ilog.com (iloginc.ilog.com [208.227.181.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA12260
for <[email protected]>; Wed, 24 Feb 1999 14:29:41 -0600 (CST)
Received: from iloginc (localhost [127.0.0.1])
by iloginc.ilog.com (8.9.1/8.9.1) with ESMTP id MAA02200
for <[email protected]>; Wed, 24 Feb 1999 12:31:58 -0800 (PST)
Message-Id: <[email protected]>
Date: Wed, 24 Feb 1999 12:31:58 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Daniel Fong <[email protected]>
To: [email protected]
Subject: restricted FTP
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hello,

How can I setup a user so that they can't move out of the home directory
that I place them in? Sorry, I couldn't find a FAQ for this.

Thanks.

-Dan

From [email protected] Wed Feb 24 15:04:29 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA18028;
Wed, 24 Feb 1999 15:04:28 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA31348;
Wed, 24 Feb 1999 14:57:11 -0600 (CST)
Received: from mail-atm.nycap.rr.com ([email protected] [24.92.32.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA22045
for <[email protected]>; Wed, 24 Feb 1999 14:53:44 -0600 (CST)
Received: from yua2.nycap.rr.com (cisco-56-184.nycap.rr.com [24.92.56.184])
by mail-atm.nycap.rr.com (8.9.1/8.9.1) with SMTP id PAA20541
for <[email protected]>; Wed, 24 Feb 1999 15:53:37 -0500 (EST)
Message-Id: <[email protected]>
Date: Wed, 24 Feb 1999 15:54:50 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Alex Yu <[email protected]>
To: [email protected]
Subject: Re: restricted FTP
In-Reply-To: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

At 12:31 PM 1999/2/24 -0800, you wrote:

>How can I setup a user so that they can't move out of the home directory
>that I place them in? Sorry, I couldn't find a FAQ for this.

i don't believe you can do that. just set dir permission on directories
that you don't want them to have access in.

alex

From [email protected] Wed Feb 24 15:04:59 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA18038;
Wed, 24 Feb 1999 15:04:58 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA21060;
Wed, 24 Feb 1999 14:58:56 -0600 (CST)
Received: from fatcat.inven.com (fatcat.inven.com [204.142.49.130])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA05218
for <[email protected]>; Wed, 24 Feb 1999 14:56:23 -0600 (CST)
Received: from mailnyc [195.1.2.68]
by fatcat.inven.com with esmtp (Exim 1.71 #1)
id 10FlMI-0000bw-00; Wed, 24 Feb 1999 15:56:42 -0500
Received: by mailnyc with smtp (Exim 2.10)
id 10FlNi-0000AH-00; Wed, 24 Feb 1999 15:58:10 -0500
Message-Id: <4.1.19990224155124.00b75cd0@mailnyc>
Date: Wed, 24 Feb 1999 15:53:33 -0500
Reply-To: [email protected]
Sender: [email protected]
From: John-Paul Pagano <[email protected]>
To: [email protected], [email protected]
Subject: Re: restricted FTP
In-Reply-To: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: jpagano@mailnyc
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

At 12:31 PM 2/24/99 -0800, Daniel Fong wrote:
>Hello,
>
>How can I setup a user so that they can't move out of the home directory
>that I place them in? Sorry, I couldn't find a FAQ for this.
>
>Thanks.
>
>-Dan

Here's the FAQ you requested:

-- File inserted here --

FTP Restriction Message "HOWTO" follows:
----------------------------------------------------------------
Here's how to do it with WU-FTPD. BSDI specific instructions are towards
the end.

Cheers... Steve Song

From: Michael Brennen <[email protected]
Subject: wu-ftpd guest accounts

There are three kinds of FTP logins that wu-ftpd provides:

1: anonymous FTP
2: real FTP
3: guest FTP

Anonymous FTP is well known; one logs in with the username 'anonymous'
and an email type password.

Real FTP is when someone logs in with a real username and password and
has access to the entire disk structure. This form of access can be
extremely dangerous to system security and should be avoided unless
absolutely necessary and well controlled.

Guest FTP is a form of real FTP; one logs in with a real user name and
password, but the user is chroot'ed to his home directory and cannot
escape from it. This is much safer, and it is a useful way for remote
clients to maintain their Web accounts.

If you want to learn more about 'chroot', the following two commands

man chroot

There may be different man pages in sections 1, 2 and 8 (or others,
perhaps) depending on your operating system. ('man # chroot')

This howto will describe in detail the steps necessary to set up a
guest FTP account. It does not describe anonymous or real FTP setup,
though the procedures for setting up an operational 'ls' command will

apply equally to anonymous FTP because of the chroot'ed nature of
anonymous FTP.

***********************************************************************

The working example here will be as if it were a directory under a Web
tree, /home/web. The Web account will be maintained remotely by FTP.
The remote user is Mortimer. Mortimer's account name is "mort", group
"client".

(Yes, there is some droll humor here for the French speakers...)

1. Create Mort's entry in /etc/passwd and /etc/group. Do so manually,
or use adduser or whatever your Unix supports. If you use adduser,
you will probably have to make manual modifications to get the /./
information in the home path.

There are also entries to make in /etc/ftpaccess.

/etc/passwd:
mort:*:403:400:Mortimer Snerd:/home/web/mort/./:/etc/ftponly
^^^
The /./ sequence determines where the chroot() is done to. If you
want the chroot() done to the web directory and a chdir() to mort,
it would look like this:

mort:*:403:400:Mortimer Snerd:/home/web/./mort/:/etc/ftponly
^^^

--------> (make sure "/etc/ftponly" is in /etc/shells.)

/etc/group:
client::400:mort

Set Mort's password as you wish, or better yet use S/KEY

If you are using the Beta version of ftpd (HIGHLY RECOMMENDED) that
Stan Barber has put together, you must do one of two thing to properly
use /etc/ftpaccess:

1) compile the source to use /etc/ftpaccess by default (comes turned off);
hack the source to set use_accessfile = 1;

OR

2) run the daemon with the -a option.

/etc/ftpaccess:
class local real,guest,anonymous ......
. ^^^^^
. +----------- define 'guest' in the proper classes;
. this is site dependent.
.
.
delete no anonymous,guest # delete permission?
overwrite no anonymous,guest # overwrite permission?
rename no anonymous,guest # rename permission?
chmod no anonymous,guest # chmod permission?
umask no anonymous,guest # umask permission?
. ^^^^^
. +------ decide if guest should be in this
. permission list; this is site dependent.
.
.
path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
.
guestgroup client
.

2. Create Mort's home directory and set its ownership and protections.

mkdir /home/web/mort

chown mort.client /home/web/mort

chmod 755 /home/web/mort

3. Build the directory structure under Mort's account.
Create the /etc, /lib, and any other directory you need
in the directory that the chroot() is done into.

cd /home/web/mort

mkdir etc bin [dev lib] (dev and lib are optional and are OS dependent.)

chown root.daemon etc bin

chmod 111 etc bin

4. Build the contents of the ~/bin directory.

USE STATICALLY LINKED COPIES OF ALL UTILITIES IF POSSIBLE -- YOUR LIFE
(AND EVERYONE ELSE'S ON [email protected]) WILL BE SIMPLER.

(Note: you probably already have a statically linked "ls" in /home/ftp/bin)

cp /.../bin/ls bin
chown root.bin bin/ls
chmod 111 bin/ls

Optional for on the fly compression and tar:

cp /.../bin/gzip bin
cp /.../bin/tar bin
chown root.bin bin/gzip
chown root.bin bin/tar
chmod 111 bin/gzip
chmod 111 bin/tar

If the utilities are not static, create the necessary devices in ~/dev and
copy the necessary libraries into ~/lib. Check the man page for ftpd that
comes with your system; it may be of help.

REGARDING HARD AND SOFT/SYMBOLIC LINKS:

The chroot() obviates the use of soft links in this case. However, it
it is possible to make these hard links back to the master copy of the
utilities rather than copies. This can save some disk space if that is
a concern.

5. Build the contents of the ~/etc directory.

Edit "passwd" to contain the following:

root:*:0:0::/:/etc/ftponly
mort:*:403:400::/home/web/mort/./:/etc/ftponly

Edit "group" to contain the following:

root::0:root
client::400:mort

chown root.daemon passwd group

chmod 444 passwd group

6. Add some extra security touches

cd /home/web/mort
touch .rhosts .forward
chown root.root .rhosts .forward
chmod 400 .rhosts .forward

You should now be the proud owner of a working guest group FTP login.
Connect to the machine via FTP and login as "mort". You should end up in
Mort's account with a current directory of "/".

If not, go over it carefully again, as there is a lot of detail here. If
you still can't get it to work, yell for help on [email protected].

**************************************************************************

OS DEPENDENCIES / QUIRKS

LINUX:

Linux does not need a ~/dev dir. It does need the ~/lib dir if the
utilities in ~/bin are dynamically linked.

Use the 'ldd' command to find out what libraries are necessary for a given
dynamically linked utility.

SOLARIS:

Solaris can't handle SETPROCTITLE, so turn the compile time option off.

(The following was culled from a post by Tom Leach to the wu-ftpd list.)

>For people who are having problems with ls -al and dir on solaris 2.x
>systems, you might try the following to find out what's missing...

>truss -f chroot ~ftp /bin/ls

>This will run the ls command in the same chroot'd environment that
>anonymous FTP runs in. The truss will show you what
>files/libraries/devices are accessed and where the ls is looking for them.

>Tom Leach
>[email protected]

SUN 4.1.x:

Create a ~dev/zero and ~dev/tcp device for the FTP directory as follows.
Run the following 'ls' command, then create the devices in the ~/dev
directory with the 'mknod' command, using the major and minor numbers
from the 'ls' results (thanks to Jim Davis <[email protected]>).

ls -lL /dev/zero /dev/tcp
cd dev
mknod zero c <major> <minor>
mknod tcp c <major> <minor>
cd ..
chmod 555 dev

You may also wish to use the following method to create the device,
per Ian Willis <ianw.sco.com>; repeat this command for each device
(zero, tcp, etc.).

find /dev/zero -print | cpio -pd ~ftp

Also, you probably need the following shared libraries:
~lib/ld.so
~lib/libc.so
~lib/libdl.so

BSDI:

Set 555 protections on the ~ftp/shlib and its contents if shared
libraries are used.

From Darci Chapman ([email protected]):

The following directories and files need to be created in whatever
directory/ies are being chrooted to (~ftp for anon ftp or for whatever
directory guest users are chrooted):

dr-xr-xr-x root/wheel 0 Nov 3 01:43 1995 bin/
-r-xr-xr-x root/wheel 12288 Nov 3 01:43 1995 bin/compress
-r-xr-xr-x root/wheel 45056 Nov 3 01:43 1995 bin/gzip
-r-xr-xr-x root/wheel 12288 Nov 3 01:43 1995 bin/ls
-r-xr-xr-x root/wheel 65536 Nov 3 01:43 1995 bin/pax
dr-xr-xr-x root/wheel 0 Nov 3 01:43 1995 etc/

-r--r--r-- root/wheel 793 Nov 3 01:43 1995 etc/group
-r--r--r-- root/wheel 817 Nov 3 01:43 1995 etc/localtime
-r--r--r-- root/wheel 40960 Nov 3 01:43 1995 etc/pwd.db
dr-xr-xr-x root/wheel 0 Feb 3 12:34 1995 pub/
dr-xr-xr-x root/wheel 0 Nov 3 01:43 1995 shlib/
-r-xr-xr-x root/wheel 298407 Nov 3 01:43 1995 shlib/libc_s.2.0

IRIX (5.3, 6.x)

from frans stekelenburg <[email protected]>:

(as in SUN 4.1.x, but without /dev/tcp)

Create a ~dev/zero device for the FTP directory as follows. (tip:
search on 'dev/zero' in your IRIX systems' Online Books.)
Run the following 'ls' command, then create the devices in the ~/dev
directory with the 'mknod' command, using the major and minor numbers
from the 'ls' results (thanks to Jim Davis <[email protected]>).

ls -lL /dev/zero
cd dev
mknod zero c <major> <minor>
cd ..
chmod 555 dev

You may also wish to use the following method to create the device,
per Ian Willis <ianw.sco.com>; repeat this command for each device
(zero, tcp, etc.).

find /dev/zero -print | cpio -pd ~ftp

Also, you probably need the following shared libraries:
~lib/rld
~lib/libc.so.1
(found in /lib)

Also read the manpages on FTPD, or look in the IRIX Insight Library
(Online Books) in the book/chapter "IRIX Admin: Networking and Mail"
for the paragraph 'How to Set Up a Proper Anonymous FTP Account'
(search helps:-)) on your IRIX system.

AIX:

Per Chuque Berry <[email protected]> and Joseph Matusiewicz
<[email protected]>, AIX needs the following files for
the external ls to work:

~lib/libc.a
~lib/libcurses.a (???)

**************************************************************************

For extra tips on security see Christopher Klaus's FAQ:

http://www.iss.net/iss/faq.html

**************************************************************************

If you run across some special trick required to get guest access to run
on your OS, or some security cleanup, please let me know and I will update
the master of this document.

Don't contact me individually for help. Go through the wu-ftpd list for
that and I will see the post there.

Michael Brennen
[email protected]

--
John-Paul Pagano
Unix Systems Administrator
Voice: (212) 208-0828
Fax: (212) 825-1040

From [email protected] Wed Feb 24 15:17:10 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA18210;
Wed, 24 Feb 1999 15:17:09 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA31534;
Wed, 24 Feb 1999 15:09:51 -0600 (CST)
Received: from fatcat.inven.com (fatcat.inven.com [204.142.49.130])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA03502
for <[email protected]>; Wed, 24 Feb 1999 15:06:35 -0600 (CST)
Received: from mailnyc [195.1.2.68]
by fatcat.inven.com with esmtp (Exim 1.71 #1)
id 10FlUI-0000iw-00; Wed, 24 Feb 1999 16:04:58 -0500
Received: by mailnyc with smtp (Exim 2.10)
id 10FlVi-0000TB-00; Wed, 24 Feb 1999 16:06:26 -0500
Message-Id: <4.1.19990224160054.00c2b2e0@mailnyc>
Date: Wed, 24 Feb 1999 16:01:50 -0500
Reply-To: [email protected]
Sender: [email protected]
From: John-Paul Pagano <[email protected]>
To: [email protected], [email protected]
Subject: Re: restricted FTP
In-Reply-To: <[email protected]>
References: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: jpagano@mailnyc
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

At 03:54 PM 2/24/99 -0500, Alex Yu wrote:
>At 12:31 PM 1999/2/24 -0800, you wrote:
>
>>How can I setup a user so that they can't move out of the home directory
>>that I place them in? Sorry, I couldn't find a FAQ for this.
>
>i don't believe you can do that. just set dir permission on directories
>that you don't want them to have access in.
>
>alex

No, you can. This is one of the most basic functionality sets configured
to work in conjunction with an FTP server. The method for doing it is
called "setting up a chrooted environment". Read the FAQ I posted.

--
John-Paul Pagano
Unix Systems Administrator
Voice: (212) 208-0828
Fax: (212) 825-1040

From [email protected] Wed Feb 24 15:17:26 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA18222;
Wed, 24 Feb 1999 15:17:25 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA03271;
Wed, 24 Feb 1999 15:11:17 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA21610
for <[email protected]>; Wed, 24 Feb 1999 15:08:02 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id QAA29715;
Wed, 24 Feb 1999 16:07:47 -0500
Message-Id: <[email protected]>
Date: Wed, 24 Feb 1999 16:07:47 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: John-Paul Pagano <[email protected]>
Cc: [email protected], WU-FTPD Discussion List <[email protected]>,
Michael Brennen <[email protected]>
Subject: Re: restricted FTP
In-Reply-To: <4.1.19990224155124.00b75cd0@mailnyc>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Wed, 24 Feb 1999, John-Paul Pagano wrote:

> From: Michael Brennen <[email protected]

Michael, Koos: Let's get the Guest-HOWTO updated for this info:

> OS DEPENDENCIES / QUIRKS
>
> LINUX:
>
> Linux does not need a ~/dev dir.

Not true.

*ALL* installations of WU-FTPD require ~/dev/null

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Wed Feb 24 16:30:59 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id QAA19165;
Wed, 24 Feb 1999 16:30:58 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id QAA19713;
Wed, 24 Feb 1999 16:27:32 -0600 (CST)
Received: from iloginc.ilog.com (iloginc.ilog.com [208.227.181.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id QAA03245
for <[email protected]>; Wed, 24 Feb 1999 16:26:19 -0600 (CST)
Received: from iloginc (localhost [127.0.0.1])
by iloginc.ilog.com (8.9.1/8.9.1) with ESMTP id OAA07879;
Wed, 24 Feb 1999 14:27:38 -0800 (PST)
Message-Id: <[email protected]>
Date: Wed, 24 Feb 1999 14:27:37 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Daniel Fong <[email protected]>
To: John-Paul Pagano <[email protected]>
Cc: [email protected], [email protected]
Subject: Re: restricted FTP
In-Reply-To: Your message of "Wed, 24 Feb 1999 15:53:33 EST."
<4.1.19990224155124.00b75cd0@mailnyc>
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hello,

I think I've set things up properly, but when I login as the restricted
user I am still able to do an 'ls' and 'cd' to anywhere on the filesystem.
I've listed below the steps I went through. Any ideas?

Thanks.

-Dan

John-Paul Pagano <[email protected]> said:

> Here's the FAQ you requested:
>
> /etc/passwd:
> mort:*:403:400:Mortimer Snerd:/home/web/mort/./:/etc/ftponly

distrib:x:65537:1003:FTP distrib:/export/ftp/pub/./:/etc/ftponly

> /etc/group:
> client::400:mort

cpxautolic::1003:admin,autolic,distrib

> 3. Build the directory structure under Mort's account.
> Create the /etc, /lib, and any other directory you need
> in the directory that the chroot() is done into.

-r--r--r-- 1 root daemon 382 Feb 12 1996 README
d--x--x--x 2 root daemon 512 Feb 24 12:09 bin
drwxr-xr-x 2 root other 512 Feb 24 14:03 dev
d--x--x--x 2 root daemon 512 Feb 24 14:05 etc
drwxr-xr-x 14 root daemon 512 Dec 22 10:10 pub
drwxr-xr-x 5 root other 512 Feb 24 14:00 usr

> 4. Build the contents of the ~/bin directory.

# ls -ld bin
d--x--x--x 2 root daemon 512 Feb 24 12:09 bin

> 5. Build the contents of the ~/etc directory.
>
> Edit "passwd" to contain the following:
>
> root:*:0:0::/:/etc/ftponly
> mort:*:403:400::/home/web/mort/./:/etc/ftponly

-rw-r--r-- 1 root daemon 671 Feb 24 14:12 passwd
root:x:0:0::/:/etc/ftponly
distrib:x:65537:1003:FTP distrib:/export/ftp/pub/./:/etc/ftponly

>
> Edit "group" to contain the following:
>
> root::0:root
> client::400:mort
-rw-r--r-- 1 root daemon 317 Feb 24 14:12 group
root::0:root
cpxautolic::1003:admin,autolic,distrib

From [email protected] Wed Feb 24 19:12:28 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id TAA21105;
Wed, 24 Feb 1999 19:12:27 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id TAA32611;
Wed, 24 Feb 1999 19:08:55 -0600 (CST)
Received: from tower.ti.com (tower.ti.com [192.94.94.5])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id TAA17412
for <[email protected]>; Wed, 24 Feb 1999 19:08:12 -0600 (CST)
Received: from spanky.dal.asp.ti.com ([172.24.154.20]) by tower.ti.com (8.8.8) with ESMTP id TAA29603 for <[email protected]>; Wed, 24 Feb 1999 19:07:41 -0600 (CST)
Received: from pavis.asic.sc.ti.com (pavis.asic.sc.ti.com [128.247.100.46])
by spanky.dal.asp.ti.com (8.8.8+Sun/8.8.8/FL-ASP-1.9) with SMTP id TAA18502
for <[email protected]>; Wed, 24 Feb 1999 19:07:40 -0600 (CST)
Received: by pavis.asic.sc.ti.com id <[email protected]>; Wed, 24 Feb 99 19:07:40 -0600
Message-Id: <[email protected]>
Date: Wed, 24 Feb 99 19:07:40 CST
Reply-To: [email protected] (Bob Luckin)
Sender: [email protected]
From: Bob Luckin <[email protected]>
To: [email protected]
Subject: Re: restricted FTP
In-Reply-To: <4.1.19990224160054.00c2b2e0@mailnyc>; from "John-Paul Pagano" at Feb 24, 99 4:01 pm
X-Mimi-Options: HEADERS TI2
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> >>How can I setup a user so that they can't move out of the home directory
> >>that I place them in? Sorry, I couldn't find a FAQ for this.
> >
> >i don't believe you can do that. just set dir permission on directories
> >that you don't want them to have access in.
> >
> >alex
>
> No, you can. This is one of the most basic functionality sets configured
> to work in conjunction with an FTP server. The method for doing it is
> called "setting up a chrooted environment". Read the FAQ I posted.

OK, let's get fussy... :-)

Setting up a chrooted environment only prevents the user from moving to
directories outside the tree under the new root. It does not prevent them
from moving out of the home directory into subdirectories such as bin, dev,
etc., which must still be present under the chrooted area.

So Alex was strictly speaking correct - the only way to prevent someone from
leaving the home directory and getting into one of the subdirectories they
can see from there is to set permissions on them to prevent it.

You need a combination of both methods (guestgroup/anonymous and permissions)
to restrict someone to just a single directory.

Cheers, Bob
--
Bob Luckin [email protected] "Coder, adapt. FTP Ada, redo C"
[http://www.dhc.net/~luckin/palindromes.html]

From [email protected] Wed Feb 24 20:16:43 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id UAA21817;
Wed, 24 Feb 1999 20:16:42 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id UAA24242;
Wed, 24 Feb 1999 20:13:21 -0600 (CST)
Received: from science.edu (wbrtr.wband.com [207.140.55.65])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id UAA32702
for <[email protected]>; Wed, 24 Feb 1999 20:10:01 -0600 (CST)
Received: (qmail 11395 invoked from network); 25 Feb 1999 03:13:32 -0000
Received: from unknown (HELO WideCast2) (192.168.1.124)
by wbrtr.wband.com with SMTP; 25 Feb 1999 03:13:32 -0000
Message-Id: <[email protected]>
Date: Wed, 24 Feb 1999 20:12:06 -0600
Reply-To: [email protected]
Sender: [email protected]
From: "D. Carlos Knowlton" <[email protected]>
To: "WU-FTP" <[email protected]>
Subject: home dir: anonymous-yes, user-no (?)
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.0810.800
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.0810.800
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

I have just upgraded my wu-ftpd from 2.4.2[BETA 15](1) to 2.4.2{BETA 18](14)
on my Linux 2.0.35 system. It seemed to install well, and the anonymous
user functions just great, but when I logged in with recognized users, I got
this:

230-No directory! Logging in with home=/
230 User <username> logged in..

I'm not using shadow passwords, but I tried enabling then anyway, because
the FAQ suggested this as a possibility (okay, so I'm desperate! =). It
worked nicely before my upgrade, what changed?

From [email protected] Wed Feb 24 21:22:10 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id VAA22501;
Wed, 24 Feb 1999 21:22:09 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id VAA19131;
Wed, 24 Feb 1999 21:18:05 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id VAA12901
for <[email protected]>; Wed, 24 Feb 1999 21:14:50 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id WAA32329;
Wed, 24 Feb 1999 22:14:45 -0500
Message-Id: <[email protected]>
Date: Wed, 24 Feb 1999 22:14:45 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "D. Carlos Knowlton" <[email protected]>
Cc: WU-FTP <[email protected]>
Subject: Re: home dir: anonymous-yes, user-no (?)
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Wed, 24 Feb 1999, D. Carlos Knowlton wrote:

> 230-No directory! Logging in with home=/

In summary:

if (!anonymous && !guest) {
if (chdir(pw->pw_dir) < 0) {
if (chdir("/") < 0) {
syslog (LOG_NOTICE, "FTP LOGIN FAILED (cannot chdir) for
} else {
lreply(230, "No directory! Logging in with home=/");

A real user's /etc/passwd entry was messed up and the daemon got an error
changing to it so it tried '/' and that worked.

Check /etc/passwd for typos.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 25 09:28:43 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA00486;
Thu, 25 Feb 1999 09:28:42 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA24728;
Thu, 25 Feb 1999 09:22:56 -0600 (CST)
Received: from ueitm1.unisourcelink.com ([38.149.121.67])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA27004
for <[email protected]>; Thu, 25 Feb 1999 09:19:38 -0600 (CST)
Received: by UEITM1 with Internet Mail Service (5.5.1960.3)
id <1V0ZA44P>; Thu, 25 Feb 1999 10:23:58 -0500
Message-Id: <6BEE6C82D85BD211B4E700805F85A25D329699@PHLWAYM1>
Date: Thu, 25 Feb 1999 10:16:22 -0500
Reply-To: [email protected]
Sender: [email protected]
From: "Elliott, Don (Exton, PA)" <[email protected]>
To: '[email protected]',
"'[email protected]'"
<[email protected]>,
"'wuftp'" <[email protected]>
Subject: BeroFTPD-1.3.3 configure prob. (HPUX 11.00)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="---- =_NextPart_001_01BE60D2.BEF3EB60"
X-Mailer: Internet Mail Service (5.5.1960.3)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------ =_NextPart_001_01BE60D2.BEF3EB60
Content-Type: text/plain

To all,

I thought that I may try once again to get some assistance with the
problem that I am having with running "configure" for BeroFTPD-1.3.3
under HPUX 11.00.

When running configure all appears normal until the following message
appears:

"checking if there is a ut_syslen field in the utmpx structure... no
checking how to determine wtmpx file... configure: error: Cannot find
out how to locate wtmpx file. Contact
[email protected]."

I've included the tail-end of the config.log below with hopes that
someone may see something that can help me get past this problem

*******CONFIG.LOG begins here**********

configure:3710: checking if there is a ut_syslen field in the utmpx
structure
configure:3720: gcc -c -g -O2 conftest.c 1>&5
configure: In function `main':
configure:3716: structure has no member named `ut_syslen'
configure: failed program was:
#line 3712 "configure"
#include "confdefs.h"
#define _GNU_SOURCE
#include <utmpx.h>
int main() {
struct utmpx ut; ut.ut_syslen=0;
; return 0; }
configure:3739: checking how to determine wtmpx file
configure:3749: gcc -c -g -O2 conftest.c 1>&5
configure: In function `main':
configure:3745: `WTMPX_FILE' undeclared (first use in this function)
configure:3745: (Each undeclared identifier is reported only once
configure:3745: for each function it appears in.)
configure: failed program was:
#line 3741 "configure"
#include "confdefs.h"
#define _GNU_SOURCE
#include <utmpx.h>
int main() {
char *x=WTMPX_FILE;
; return 0; }
configure:3769: gcc -c -g -O2 conftest.c 1>&5
configure: In function `main':
configure:3765: `_PATH_WTMPX' undeclared (first use in this function)
configure:3765: (Each undeclared identifier is reported only once
configure:3765: for each function it appears in.)
configure: failed program was:
#line 3761 "configure"
#include "confdefs.h"
#define _GNU_SOURCE
#include <utmpx.h>
int main() {
char *x=_PATH_WTMPX;
; return 0; }
configure:3789: gcc -c -g -O2 conftest.c 1>&5
configure: In function `main':
configure:3785: `WTMPX_FILENAME' undeclared (first use in this function)
configure:3785: (Each undeclared identifier is reported only once
configure:3785: for each function it appears in.)
configure: failed program was:
#line 3781 "configure"
#include "confdefs.h"
#define _GNU_SOURCE
#include <utmpx.h>
int main() {
char *x=WTMPX_FILENAME;
; return 0; }

**************************************************
Don Elliott
UNIX Analyst
Unisource Worldwide Inc.
[email protected]
610.280.5838

------ =_NextPart_001_01BE60D2.BEF3EB60
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.1960.3">
<TITLE>BeroFTPD-1.3.3 configure prob. (HPUX 11.00)</TITLE>
</HEAD>
<BODY>

To all,


I thought that I may try once again =
to get some assistance with the problem that I am having with running =
"configure" for BeroFTPD-1.3.3 under HPUX 11.00.

When running configure all appears =
normal until the following message appears:


"checking if there is a =
ut_syslen field in the utmpx structure... no
 checking how to determine wtmpx =
file... configure: error: Cannot find out how to locate wtmpx file. =
Contact [email protected]."

I've included the tail-end of the =
config.log below with hopes that someone may see something that can =
help me get past this problem

*******CONFIG.LOG begins =
here**********


configure:3710: checking if there is =
a ut_syslen field in the utmpx structure
 configure:3720: gcc -c -g -O2  =
conftest.c 1>&5
 configure: In function =
`main':
 configure:3716: structure has no =
member named `ut_syslen'
 configure: failed program =
was:
 #line 3712 =
"configure"
 #include =
"confdefs.h"
 #define _GNU_SOURCE
 #include <utmpx.h>
 int main() {
 struct utmpx ut; =
ut.ut_syslen=3D0;
 ; return 0; }
 configure:3739: checking how to =
determine wtmpx file
 configure:3749: gcc -c -g -O2  =
conftest.c 1>&5
 configure: In function =
`main':
 configure:3745: `WTMPX_FILE' =
undeclared (first use in this function)
 configure:3745: (Each undeclared =
identifier is reported only once
 configure:3745: for each function =
it appears in.)
 configure: failed program =
was:
 #line 3741 =
"configure"
 #include =
"confdefs.h"
 #define _GNU_SOURCE
 #include <utmpx.h>
 int main() {
 char *x=3DWTMPX_FILE;
 ; return 0; }
 configure:3769: gcc -c -g -O2  =
conftest.c 1>&5
 configure: In function =
`main':
 configure:3765: `_PATH_WTMPX' =
undeclared (first use in this function)
 configure:3765: (Each undeclared =
identifier is reported only once
 configure:3765: for each function =
it appears in.)
 configure: failed program =
was:
 #line 3761 =
"configure"
 #include =
"confdefs.h"
 #define _GNU_SOURCE
 #include <utmpx.h>
 int main() {
 char *x=3D_PATH_WTMPX;
 ; return 0; }
 configure:3789: gcc -c -g -O2  =
conftest.c 1>&5
 configure: In function =
`main':
 configure:3785: `WTMPX_FILENAME' =
undeclared (first use in this function)
 configure:3785: (Each undeclared =
identifier is reported only once
 configure:3785: for each function =
it appears in.)
 configure: failed program =
was:
 #line 3781 =
"configure"
 #include =
"confdefs.h"
 #define _GNU_SOURCE
 #include <utmpx.h>
 int main() {
 char *x=3DWTMPX_FILENAME;
 ; return 0; }

 
 

**************************************************</FON=
T>
 Don Elliott
 UNIX Analyst
 Unisource Worldwide Inc.
 [email protected]
 610.280.5838


</BODY>
</HTML>
------ =_NextPart_001_01BE60D2.BEF3EB60--

From [email protected] Thu Feb 25 11:21:51 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA00401;
Thu, 25 Feb 1999 11:21:51 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA11269;
Thu, 25 Feb 1999 11:17:02 -0600 (CST)
Received: from science.edu (wbrtr.wband.com [207.140.55.65])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA18369
for <[email protected]>; Thu, 25 Feb 1999 11:15:55 -0600 (CST)
Received: (qmail 17987 invoked from network); 25 Feb 1999 18:19:27 -0000
Received: from unknown (HELO WideCast2) (192.168.1.124)
by wbrtr.wband.com with SMTP; 25 Feb 1999 18:19:27 -0000
Message-Id: <[email protected]>
Date: Thu, 25 Feb 1999 11:17:38 -0600
Reply-To: [email protected]
Sender: [email protected]
From: "D. Carlos Knowlton" <[email protected]>
To: "WU-FTP" <[email protected]>
Subject: Re: home dir: anonymous-yes, user-no (?)
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.0810.800
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.0810.800
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

>On Wed, 24 Feb 1999, D. Carlos Knowlton wrote:
>
>> 230-No directory! Logging in with home=/
>
>In summary:
>
> if (!anonymous && !guest) {
> if (chdir(pw->pw_dir) < 0) {
> if (chdir("/") < 0) {
> syslog (LOG_NOTICE, "FTP LOGIN FAILED (cannot chdir) for
> } else {
> lreply(230, "No directory! Logging in with home=/");
>
>A real user's /etc/passwd entry was messed up and the daemon got an error
>changing to it so it tried '/' and that worked.
>
>Check /etc/passwd for typos.

Okay, this is my password configuration: I have my passwd file in /config
(renamed 'user' for added security), and a link at /etc/passwd pointing to
it. This is the syntax of the passwd entries:

username:13CharHashPwd:1008:100:User Full Name (or
nothing):/home/user:/bin/bash

the '/usr/home/' directory has 'drwxrwxrwx' permissions, and is owned by
group 'all' (we have Samba running on this machine as well, so we set global
permissions to allow both smbd and wu-ftpd share the directories and set
their own permissions)

wu-ftpd-BETA-15 did alright with this, is there anything I need to change to
make wu-ftpd-BETA-18-vr14 work with it?

From [email protected] Thu Feb 25 11:59:31 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA00848;
Thu, 25 Feb 1999 11:59:30 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA21369;
Thu, 25 Feb 1999 11:55:46 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA10084
for <[email protected]>; Thu, 25 Feb 1999 11:50:42 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id MAA07008;
Thu, 25 Feb 1999 12:49:46 -0500
Message-Id: <[email protected]>
Date: Thu, 25 Feb 1999 12:49:45 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "D. Carlos Knowlton" <[email protected]>
Cc: WU-FTP <[email protected]>
Subject: Re: home dir: anonymous-yes, user-no (?)
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 25 Feb 1999, D. Carlos Knowlton wrote:

> username:13CharHashPwd:1008:100::/home/user:/bin/bash
>
> the '/usr/home/'

Which is it?

/usr/home

or

/usr/home/username

or

/home/user

or

/home/user/username

and does /./ appear in the passwd entry?

Also, any symlinks or NFS involved in these areas?

Finally, your symlink stuff on /etc/passwd is lame; all it's good for is
ensuring your successor will curse on your grave. The world-writable
directory owned by all users is just asking for trouble; I don't think
it's needed for Samba and WU-FTPD to co-exist (I certainly never needed it
when I allowed smb connections on my production servers).

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 25 14:18:42 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA02767;
Thu, 25 Feb 1999 14:18:41 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA30876;
Thu, 25 Feb 1999 14:12:43 -0600 (CST)
Received: from science.edu (wbrtr.wband.com [207.140.55.65])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA24997
for <[email protected]>; Thu, 25 Feb 1999 14:08:30 -0600 (CST)
Received: (qmail 19659 invoked from network); 25 Feb 1999 21:12:03 -0000
Received: from unknown (HELO WideCast2) (192.168.1.124)
by wbrtr.wband.com with SMTP; 25 Feb 1999 21:12:03 -0000
Message-Id: <[email protected]>
Date: Thu, 25 Feb 1999 14:10:16 -0600
Reply-To: [email protected]
Sender: [email protected]
From: "D. Carlos Knowlton" <[email protected]>
To: <[email protected]>
Cc: "WU-FTP" <[email protected]>
Subject: Re: home dir: anonymous-yes, user-no (?)
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.0810.800
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.0810.800
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

>On Thu, 25 Feb 1999, D. Carlos Knowlton wrote:
>
>> username:13CharHashPwd:1008:100::/home/user:/bin/bash
>>
>> the '/usr/home/'
>
>Which is it?

oops, sorry
forgive my inconsitency,

it's '/home/username' (and 'home' is a symlink of '/usr/home' ('usr' being
the mount directory for '/dev/hda3', a seperate partition))

>and does /./ appear in the passwd entry?

no

>Also, any symlinks or NFS involved in these areas?

No NFS, I'm the only user with access to the Linux portion of this system,
everyone else is http, ftp, rip, or smb (individual permissions from these
don't allow write access from anyone but the owner, unless otherwise
specified for the particular application being used to access the server.).
The symlinks are mentioned above.

>Finally, your symlink stuff on /etc/passwd is lame; all it's good for is
>ensuring your successor will curse on your grave. The world-writable
>directory owned by all users is just asking for trouble; I don't think
>it's needed for Samba and WU-FTPD to co-exist (I certainly never needed it
>when I allowed smb connections on my production servers).

okay, that's fine, but does it interfere with WU-FTPD functioning properly?
(BTW I appreciate the criticism, but I'm pretty much stuck with the
configuration that I have unless there are some serious obstacles caused by
it when I upgrade to new software. (which is why I'm asking these dumb
questions =) )

-ck

From [email protected] Thu Feb 25 14:30:14 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA02942;
Thu, 25 Feb 1999 14:30:14 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA23907;
Thu, 25 Feb 1999 14:25:19 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA23750
for <[email protected]>; Thu, 25 Feb 1999 14:24:17 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id PAA08877;
Thu, 25 Feb 1999 15:23:44 -0500
Message-Id: <[email protected]>
Date: Thu, 25 Feb 1999 15:23:43 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "D. Carlos Knowlton" <[email protected]>
Cc: WU-FTP <[email protected]>
Subject: Re: home dir: anonymous-yes, user-no (?)
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Thu, 25 Feb 1999, D. Carlos Knowlton wrote:

> it's '/home/username' (and 'home' is a symlink of '/usr/home' ('usr'
> being the mount directory for '/dev/hda3', a seperate partition))

try it without naming the symlink in /etc/passwd.

> I'm the only user with access to the Linux portion of this system

good. except that the users are 'real' and should be 'guest' otherwise
you might was well be giving them telnet access for all the damage they
can do.

> that's fine, but does it interfere with WU-FTPD functioning properly?

the symlinks might. the permissions shouldn't (sendmail will pitch a fit
about 'em, though).

the vr versions pass everything through realpath(), so a symlink to an
unreachable area will cause problems

> (BTW I appreciate the criticism, but I'm pretty much stuck with the
> configuration that I have unless there are some serious obstacles
> caused by it when I upgrade to new software. (which is why I'm asking
> these dumb questions =) )

I understand about legacy messes .. it's a love/hate relationship .. lotsa
billable hours I'd rather fill more productively ..

Upgrades _or_ new software will give headaches. The install/upgrade
scripts will expect things to be where the usually are. That means
hand-holding the install/upgrade. Oh, joy! More wasted billable hours.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Thu Feb 25 15:41:49 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA04715;
Thu, 25 Feb 1999 15:41:48 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA06421;
Thu, 25 Feb 1999 15:37:03 -0600 (CST)
Received: from science.edu (wbrtr.wband.com [207.140.55.65])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA23668
for <[email protected]>; Thu, 25 Feb 1999 15:34:04 -0600 (CST)
Received: (qmail 20460 invoked from network); 25 Feb 1999 22:37:37 -0000
Received: from unknown (HELO WideCast2) (192.168.1.124)
by wbrtr.wband.com with SMTP; 25 Feb 1999 22:37:37 -0000
Message-Id: <[email protected]>
Date: Thu, 25 Feb 1999 15:35:47 -0600
Reply-To: [email protected]
Sender: [email protected]
From: "D. Carlos Knowlton" <[email protected]>
To: "WU-FTP" <[email protected]>
Subject: home dir: anonymous-yes, user-YES!! (finally)
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.0810.800
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.0810.800
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hey! fixed it! (*groan*) permissions on '/usr' somehow got changed to
'd-rxw--w--' (don't ask me how...). Thanks for all the help Greg, (and
sorry for the runaround.) next time I think I'll just examine the
permissions all over more carefully. You guys do great work!

-ck

(BTW, I have installed sendmail, and mostly it works without a hitch, but
sometimes the lock files get stuck (don't delete) and users get locked out.
Could this be related to my strange file system setup? (This is a little
off topic, so if you have a comment about this, feel free to email me
directly)

Thanks again!

From [email protected] Fri Feb 26 08:14:54 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id IAA09090;
Fri, 26 Feb 1999 08:14:53 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id IAA14583;
Fri, 26 Feb 1999 08:09:45 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id IAA29179
for <[email protected]>; Fri, 26 Feb 1999 08:01:12 -0600 (CST)
Received: (from lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) id JAA17579
for [email protected]; Fri, 26 Feb 1999 09:01:04 -0500
Message-Id: <[email protected]>
Date: Fri, 26 Feb 1999 09:00:00 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: telnet.testing.HOWTO
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

This document is available on-line at:
ftp://ftp.vr.net/pub/wu-ftpd/telnet.testing.HOWTO

Often testing an FTP server with a real client can hide problems with the
server. I find it usefull to eliminate the quirks of the client software from
consideration by using Telnet instead. The operations discussed in this
document are generally usable with all FTP servers.

Although you'll see the internals of an FTP session here, it is not my
intention to teach the entire protocol. Refer to RFC 959 for a complete
discussion.

Using the system logs
---------------------
Many times, direct, by-hand testing is not needed. If you enable logging
on the command line with the -l option, you can add the following line to
your ftpaccess to see most of the conversation in your system logs. This
can often show you where the problem is occuring. If not, it will at least
allow you to follow the same command sequence as the actual client, in case
the problem depends upon the specific commands issued.

log commands real,guest,anonymous

Be warned, though, for a busy site logging all commands can make your
system logs amazingly large.

PASV downloads via telnet
-------------------------
When using PASV mode, data connections originate with the client. This
makes testing quite a bit easier since you only need a telnet client and a
calculator. (If you don't have a calculator handy, use your organic backup
system; it's slower and more error-prone, but almost everyone has one.)

Two or more telnet sessions are needed to completely test an FTP session.
I usually use multiple windows since they're easier to read, but for this
example, I'll use a single session.

First, open a telnet session to the FTP server and log in. I'll make
believe I'm Netscape Navigator while I'm at it.

$telnet ftp ftp
Trying 205.133.13.13...
Connected to ftp.vr.net.
Escape character is '^]'.
220 ftp.vr.net FTP server ready.
USER anonymous
331 Guest login ok, send your complete e-mail address as password.
PASS mozilla@
230 Guest login ok, access restrictions apply.
SYST
215 UNIX Type: L8
TYPE I
200 Type set to I.
PASV
227 Entering Passive Mode (205,133,13,13,21,169)
NLST
^]

telnet>
[1]+ Stopped telnet ftp ftp

In this example, I'm using NLST. You can use RETR to fetch a specific
file. If you're just testing the ability to do PASV connections, NLST is
fine. Break out of the current telnet session and start another. You'll
need to read and interpret the 227 response. The first four numbers are
the IP address you must connect to (usually the same as the FTP server's IP
address). The next two are the port number. You will need to do a little
math here. In this case, calculate ((21 * 256) + 169) to get the port
number, 5545. Open a session to that port. Since there is already a
transfer pending the output will display and the connection close
automatically.

$telnet ftp 5545
Trying 205.133.13.13...
Connected to ftp.vr.net.
Escape character is '^]'.
etc
pub
bin
incoming
.notar
private
dev
Connection closed by foreign host.

Back to the originial telnet session. Because this is being done on one
window, you won't see one detail: the 150 message appeared when the data
connection was openned and the 226 appreared when it completed. For long
transfers, or when things go awry, this timing is appearent (sometimes
important); which is the reason I usually use two windows for this testing.

$fg
telnet ftp ftp

150 Opening BINARY mode data connection for file list.
226 Transfer complete.
PASV
227 Entering Passive Mode (205,133,13,13,58,225)
LIST
^]

telnet>
[1]+ Stopped telnet ftp ftp

Since I used NLST earlier, and since most of the questions occur because of
'dir' and 'ls' issues (NLST and LIST), I'll do a LIST so you can see the
difference. Back to the calculator for ((58 * 256) + 225).

$telnet ftp 15073
Trying 205.133.13.13...
Connected to ftp.vr.net.
Escape character is '^]'.
total 8
dr-xr-xr-x 8 root root 1024 Feb 12 03:07 .
dr-xr-xr-x 8 root root 1024 Feb 12 03:07 ..
---------- 1 root root 0 Jun 9 1998 .notar
d--x--x--x 3 root root 1024 Sep 14 16:40 bin
d--x--x--x 2 root root 1024 Dec 24 16:31 dev
d--x--x--x 2 root root 1024 Dec 27 19:34 etc
drwxrws-wx 2 vrnet vrnet 1024 Oct 8 00:43 incoming
drwxrws--t 7 vrnet vrnet 1024 Feb 2 20:44 private
drwxrwsr-t 4 vrnet vrnet 1024 Aug 15 1998 pub
Connection closed by foreign host.

Finally, back to the control session to close the FTP session.

$fg
telnet ftp ftp

150 Opening BINARY mode data connection for /bin/ls.
226 Transfer complete.
QUIT
221-You have transferred 0 bytes in 0 files.
221-Total traffic for this session was 1146 bytes in 2 transfers.
221-Thank you for using the FTP service on ftp.vr.net.
221 Goodbye.
Connection closed by foreign host.
$

PASV uploads via telnet
-----------------------
Testing uploads (STOR command) using PASV mode via telnet is much like
testing downloads. The only difference is that whatever you type into the
data connection telnet session is stored in the uploaded file.

PORT transfers via telnet and netcat
------------------------------------
PORT mode transfers require that you have a 'listener' running, waiting for
the FTP server. The netcat utility is such a program. For downloads, set
it to listen on a port and copy what it received to your screen or a file.
For uploads, give it a file to transmit. You will need to know the IP
number and port number where netcat is waiting and you will need to supply
a PORT command instead of a PASV command so the server has this
information. An example of a port command (for the PASV port used above),
and the server's response, would be:

PORT 205,133,13,13,58,225
200 PORT command successful.

If netcat were listening on TCP port 15073 and we issued the PORT command
instead of a PASV command, the results would be similar to the PASV
transfer. I'll be honest, though, I don't even have netcat installed, so I
cannot show examples. I've never needed to test PORT mode communications;
every problem I've ever needed to test was visible using PASV mode.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 26 10:34:27 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA10618;
Fri, 26 Feb 1999 10:34:26 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA11568;
Fri, 26 Feb 1999 10:29:27 -0600 (CST)
Received: from mailhub.fokus.gmd.de (mailhub.fokus.gmd.de [193.174.154.14])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA26454
for <[email protected]>; Fri, 26 Feb 1999 10:23:48 -0600 (CST)
Received: from fokus.gmd.de (bonnie [193.175.133.192])
by mailhub.fokus.gmd.de (8.8.8/8.8.8) with ESMTP id RAA05521
for <[email protected]>; Fri, 26 Feb 1999 17:23:46 +0100 (MET)
Message-Id: <[email protected]>
Date: Fri, 26 Feb 1999 17:23:44 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Lutz Henckel <[email protected]>
To: [email protected]
Subject: Upload with guestgroup
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Sender: [email protected]
X-Mailer: Mozilla 4.5 [en] (X11; U; SunOS 5.6 sun4m)
X-Accept-Language: en
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

We are using wu-ftp.2.4.2-BETA18-VR14 and have the following
problem with guest users:

/etc/ftpaccess contains:
upload /usr/ftp * no
upload /usr/ftp /pub/guest/incoming yes user group 0660 dirs 0770
guestgroup guest

/etc/passwd contains:
guest:x:5000:5001:FTP Guest:/usr/ftp/./pub/guest:/bin/sync

/etc/group
group::5001:

Directory permissions:
/usr/ftp/pub/guest drwxrws--- user group
/usr/ftp/pub/guest/incoming drwxrws--- user group

Login with user guest works fine with chroot and he/she is
directly in /usr/ftp/pub/guest directory. In ftpaccess
it is configured that nobody can upload files to
any directory except the incoming one. Nevertheless the
guest user is able to upload a file to the guest directory.
Furthermore if a file is uploaded to the incoming directory
it does not get the permissions and ownership which are specified
in the corresponding upload statement.

For anonymous FTP users uploads work correct using a simular
configuration as well as it works with the unpatched
wu-ftp.2.4.2-BETA18 version for guest users.

It would be helpfull to get some hints, about what's wrong with
this configuration or if it's a bug.

Thanks

--
Lutz Henckel Phone : ++49 / (0)30 / 3463 - 7237
GMD FOKUS Fax : ++49 / (0)30 / 3463 - 8237
Kaiserin-Augusta-Allee 31 E-Mail : [email protected]
D-10589 Berlin, Germany WWW :
http://www.fokus.gmd.de/usr/lutz.henckel

From [email protected] Fri Feb 26 10:58:40 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id KAA10935;
Fri, 26 Feb 1999 10:58:39 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA10816;
Fri, 26 Feb 1999 10:55:03 -0600 (CST)
Received: from chakotay.allgaeu.org ([195.222.119.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA10208
for <[email protected]>; Fri, 26 Feb 1999 10:50:30 -0600 (CST)
Received: from kira.allgaeu.org ([email protected] [195.222.120.194])
by chakotay.allgaeu.org (8.9.3/8.9.3) with ESMTP id RAA27916
for <[email protected]>; Fri, 26 Feb 1999 17:50:17 +0100
Received: (from maritza@localhost)
by kira.allgaeu.org (8.9.3/8.9.3) id RAA20519
for [email protected]; Fri, 26 Feb 1999 17:50:27 +0100
Message-Id: <[email protected]>
Date: Fri, 26 Feb 1999 17:50:26 +0100
Reply-To: [email protected]
Sender: [email protected]
From: Andreas Kerber <[email protected]>
To: [email protected]
Subject: odd logfile entries
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

We are using wu-ftp.2.4.2-Beta18-VR14 and I was just grepping
through my logs where I found these entries:

Feb 22 13:38:56 chakotay ftpd[1525]: Accept failed: ???????
Feb 22 13:45:57 chakotay ftpd[1721]: ftp of sungold6.de.ibm.com [195.212.29.70]: data connect from 195.212.29.72 for /pub/windows/win95/misc/SF_Vis_5.exe (961982 bytes)
Feb 23 11:35:02 chakotay ftpd[8499]: ftp of wewak.styria.co.at [194.107.126.109]: data connect from 195.12.208.10 for /pub/windows/win95/misc/sf_98_02.exe (4568806 bytes)

The last two entries concern me bit, can anybody tell me what they mean?

Andreas

From [email protected] Fri Feb 26 12:19:04 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA11932;
Fri, 26 Feb 1999 12:19:03 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA30701;
Fri, 26 Feb 1999 12:14:04 -0600 (CST)
Received: from apollo.gat.com (apollo.gat.com [192.5.166.20])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA29033
for <[email protected]>; Fri, 26 Feb 1999 12:07:12 -0600 (CST)
Received: from nt-usc (NT-USC.GAT.COM [192.5.166.179])
by apollo.gat.com (8.9.1/8.9.0) with SMTP id KAA20857
for <[email protected]>; Fri, 26 Feb 1999 10:07:10 -0800 (PST)
Message-Id: <[email protected]>
Date: Fri, 26 Feb 1999 10:07:10 -0800
Reply-To: [email protected]
Sender: [email protected]
From: Tony Warner <[email protected]>
To: [email protected]
Subject: syslog logging of connections
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi there,

I've just installed wu-ftpd2.4.2[beta 18][VR 13] on a Digital (Compaq) Alpha
running Tru64 Unix 4.0d (Digital Unix 4.0d) (These name changes are killing
me!)

Everything seems to be working ok so far, except for one thing. The standard
ftpd that comes with all my systems (HP, Digital, SGI), when used with the -l
option, logs all connections to the ftp server. It logs the name of the
initiating
host even before a login attempt is made. This is a good thing for me, as
I can
see when probes are being conducted on my ftp ports and from where.
I can't seem to get wu-ftpd to do this. I've tried the -l option, and it
only logs
anything once a user completes a login attempt. Only then will it log
where the
user is connecting from. I've tried using the logging commands in ftpaccess,
and they work fine for what they are for, but still no initial connection
logging.

my log lines in ftpaccess are:

log commands real,guest
log transfers anonymous,real,guest inbound,outbound
log security anonymous,guest,real

I've tried various combinations of these, including not using them at all
with the -l
option in place. Still , no joy.

Any help?

Tony Warner

*********************************************************************
Tony Warner [email protected]
General Atomics (619) 455-4285

*********************************************************************

From [email protected] Fri Feb 26 12:51:09 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA12345;
Fri, 26 Feb 1999 12:51:08 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA18569;
Fri, 26 Feb 1999 12:46:26 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA02856
for <[email protected]>; Fri, 26 Feb 1999 12:42:31 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id NAA21230;
Fri, 26 Feb 1999 13:42:09 -0500
Message-Id: <[email protected]>
Date: Fri, 26 Feb 1999 13:42:09 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Lutz Henckel <[email protected]>
Cc: [email protected]
Subject: Re: Upload with guestgroup
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 26 Feb 1999, Lutz Henckel wrote:

> /etc/passwd contains:
> guest:x:5000:5001:FTP Guest:/usr/ftp/./pub/guest:/bin/sync
>
> /etc/group
> group::5001:

Add guest to group in /etc/group:
group::5001:guest

> It would be helpfull to get some hints, about what's wrong with
> this configuration or if it's a bug.

See ftp://ftp.vr.net/pub/wu-ftpd/upload.configuration.HOWTO

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 26 12:57:35 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA12453;
Fri, 26 Feb 1999 12:57:34 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA07265;
Fri, 26 Feb 1999 12:52:58 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA08209
for <[email protected]>; Fri, 26 Feb 1999 12:47:44 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id NAA21272;
Fri, 26 Feb 1999 13:47:31 -0500
Message-Id: <[email protected]>
Date: Fri, 26 Feb 1999 13:47:31 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Andreas Kerber <[email protected]>
Cc: [email protected]
Subject: Re: odd logfile entries
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 26 Feb 1999, Andreas Kerber wrote:

> Feb 22 13:38:56 chakotay ftpd[1525]: Accept failed: ???????

Far end went away; don't worry about it unless it happens a lot.

> Feb 22 13:45:57 chakotay ftpd[1721]: ftp of sungold6.de.ibm.com
> [195.212.29.70]: data connect from 195.212.29.72 for
> /pub/windows/win95/misc/SF_Vis_5.exe (961982 bytes)

> Feb 23 11:35:02 chakotay ftpd[8499]: ftp of wewak.styria.co.at
> [194.107.126.109]: data connect from 195.12.208.10 for
> /pub/windows/win95/misc/sf_98_02.exe (4568806 bytes)

> The last two entries concern me bit, can anybody tell me what they mean?

PASV connections came from a host other than the one which owned the
control connection.

In VR14 the PASV data connection would be refused (disconnected) without
data transfer. A compile-time option reverts VR14 to the behavior you see
here.

The reasons this is happening are:

- someone behind a (lame, IMHO) proxy
- a port scan happened along at just the right instant
- an attempt to 'steal' the PASV connection

Most likely, it's a proxy issue.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 26 13:02:43 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA12529;
Fri, 26 Feb 1999 13:02:43 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA19088;
Fri, 26 Feb 1999 12:59:21 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA20181
for <[email protected]>; Fri, 26 Feb 1999 12:54:09 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id NAA21320;
Fri, 26 Feb 1999 13:54:05 -0500
Message-Id: <[email protected]>
Date: Fri, 26 Feb 1999 13:54:05 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Tony Warner <[email protected]>
Cc: [email protected]
Subject: Re: syslog logging of connections
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 26 Feb 1999, Tony Warner wrote:

> Everything seems to be working ok so far, except for one thing. The
> standard ftpd that comes with all my systems (HP, Digital, SGI), when
> used with the -l option, logs all connections to the ftp server. It
> logs the name of the initiating host even before a login attempt is
> made. This is a good thing for me, as I can see when probes are being
> conducted on my ftp ports and from where. I can't seem to get wu-ftpd
> to do this. I've tried the -l option, and it only logs anything once
> a user completes a login attempt. Only then will it log where the
> user is connecting from. I've tried using the logging commands in
> ftpaccess, and they work fine for what they are for, but still no
> initial connection logging.

Traditionally, WU-FTPD relies upon tcpwrappers to log this information.
If you're using inetd, you should use tcpwrappers.

For better security, I recommend running xinetd instead of inetd. xinetd
will log this information prior to passing control to the daemon without
the need for tcpwrappers.

When running VR13 in standalone daemon mode, the connection log you're
looking for should appear.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 26 13:10:32 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA12636;
Fri, 26 Feb 1999 13:10:31 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA32637;
Fri, 26 Feb 1999 13:05:53 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA21798
for <[email protected]>; Fri, 26 Feb 1999 13:03:25 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id OAA21400;
Fri, 26 Feb 1999 14:03:06 -0500
Message-Id: <[email protected]>
Date: Fri, 26 Feb 1999 14:03:06 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Andreas Kerber <[email protected]>
Cc: [email protected]
Subject: Re: odd logfile entries
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 26 Feb 1999, Gregory A Lundberg wrote:

> > Feb 23 11:35:02 chakotay ftpd[8499]: ftp of wewak.styria.co.at
> > [194.107.126.109]: data connect from 195.12.208.10 for
> > /pub/windows/win95/misc/sf_98_02.exe (4568806 bytes)

> PASV connections came from a host other than the one which owned the
> control connection.

> The reasons this is happening are:
among others,
> - an attempt to 'steal' the PASV connection

I should also mention that, for those who haven't read it yet, there is
quite a bit more on this subject at:

ftp://ftp.vr.net/pub/wu-ftpd/ANNOUNCE-VR14

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 26 13:49:52 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA13153;
Fri, 26 Feb 1999 13:49:51 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA07969;
Fri, 26 Feb 1999 13:44:52 -0600 (CST)
Received: from smtp3.ny.us.ibm.com (smtp3.ny.us.ibm.com [198.133.22.42])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA05417
for <[email protected]>; Fri, 26 Feb 1999 13:38:17 -0600 (CST)
Received: from northrelay01.pok.ibm.com (northrelay01.pok.ibm.com [9.117.200.21])
by smtp3.ny.us.ibm.com (8.8.7/8.8.7) with ESMTP id OAA81726
for <[email protected]>; Fri, 26 Feb 1999 14:38:31 -0500
Received: from D51MTA05.pok.ibm.com (d51mta05.pok.ibm.com [9.117.200.33])
by northrelay01.pok.ibm.com (8.8.7m1/NCO v1.8) with SMTP id OAA265962
for <[email protected]>; Fri, 26 Feb 1999 14:37:44 -0500
Received: by D51MTA05.pok.ibm.com(Lotus SMTP MTA Internal build v4.6.2 (651.2 6-10-1998)) id 85256724.006BD201 ; Fri, 26 Feb 1999 14:37:41 -0500
Message-Id: <[email protected]>
Date: Fri, 26 Feb 1999 14:37:17 -0500
Reply-To: [email protected]
Sender: [email protected]
From: [email protected]
To: [email protected]
Subject: malloc error: again?
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Lotus-FromDomain: IBMUS
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Sorry if this is seen again... My mail systems has been on the fritz
past few days and not sure if this made it.
TIA,

EdGy

Hello,
I compiled and installed wu-ftpd-2.4.2-beta-18-vr14 on an AIX
box running AIX v4.2.1 and I'm hitting a problem that was reported back
in October 1998. I saw that there was an experimental patch(VR8.11)
back then; Did that patch ever make it back into the code? Did it ever
get off the experimental list :) ? Any suggestions on how to get this
fixed?

Thanx for all your help,

200 Type set to I.
ftp> get wu.tar w.tar
200 PORT command successful.
150 Opening BINARY mode data connection for wu.tar (0 bytes).
451 Local resource failure: malloc: Invalid argument.
ftp> 221-You have transferred 10322 bytes in 1 files.
221-Total traffic for this session was 11448 bytes in 2 transfers.
221-Thank you for using the FTP service on balrog.adtech.internet.ibm.com.
221 Goodbye.

EdGy

From [email protected] Fri Feb 26 15:38:28 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id PAA14695;
Fri, 26 Feb 1999 15:38:27 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA30095;
Fri, 26 Feb 1999 15:34:43 -0600 (CST)
Received: from icarus.yml.com (icarus.yml.com [207.226.52.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA17934
for <[email protected]>; Fri, 26 Feb 1999 15:30:16 -0600 (CST)
Received: from localhost (buffalo@localhost)
by icarus.yml.com (8.8.7/8.8.7) with ESMTP id QAA28528
for <[email protected]>; Fri, 26 Feb 1999 16:27:12 -0500
Message-Id: <[email protected]>
Date: Fri, 26 Feb 1999 16:27:12 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: [email protected]
To: [email protected]
Subject: Help! RFTP Stopped Working!
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Uh oh.

I just upgraded from wu-ftp beta (13) to beta 18 VR14 (to fix the the
recently discovered security hole), and suddenly all my restricted FTP
accounts aren't restricted anymore! Users with these accounts are no
longer be chrooted properly into their assigned directories.

I'm calling the daemon in inetd.conf with 'ftpd -a'; do I need to add a
separate switch to get restrictions to work again?

TIA,

--Duncan

From [email protected] Fri Feb 26 16:04:23 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id QAA15052;
Fri, 26 Feb 1999 16:04:23 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id PAA15851;
Fri, 26 Feb 1999 15:59:47 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id PAA07913
for <[email protected]>; Fri, 26 Feb 1999 15:53:32 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id QAA23183;
Fri, 26 Feb 1999 16:52:38 -0500
Message-Id: <[email protected]>
Date: Fri, 26 Feb 1999 16:52:38 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: Help! RFTP Stopped Working!
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 26 Feb 1999 [email protected] wrote:

> I just upgraded from wu-ftp beta (13) to beta 18 VR14 (to fix the the
> recently discovered security hole), and suddenly all my restricted FTP
> accounts aren't restricted anymore! Users with these accounts are no
> longer be chrooted properly into their assigned directories.
>
> I'm calling the daemon in inetd.conf with 'ftpd -a'; do I need to add
> a separate switch to get restrictions to work again?

Most problems show some symptom in the system logs. Check there to see if
the diagnosis shows.

Read through ftp://ftp.vr.net/pub/wu-ftpd/upload.configuration.HOWTO and
check your configuration carefully against that and the Guest-HOWTO. If
you're still having problems, email me with configuration info,
/etc/passwd and /etc/group examples and a carefull description of the
problem.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 26 17:14:57 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id RAA15847;
Fri, 26 Feb 1999 17:14:57 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id RAA24722;
Fri, 26 Feb 1999 17:10:22 -0600 (CST)
Received: from mailhost3.lanl.gov (mailhost3.lanl.gov [128.165.3.9])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id RAA12247
for <[email protected]>; Fri, 26 Feb 1999 17:04:32 -0600 (CST)
Received: from cic-mail.lanl.gov (cic-mail.lanl.gov [128.165.3.68])
by mailhost3.lanl.gov (8.9.3/8.9.3/(cic-5, 2/8/99)) with ESMTP id QAA10747;
Fri, 26 Feb 1999 16:04:27 -0700
Received: from [128.165.115.169] (zing.lanl.gov [128.165.115.169])
by cic-mail.lanl.gov (8.9.3/8.9.3/(cic-5, 2/9/99)) with ESMTP id QAA06917;
Fri, 26 Feb 1999 16:04:29 -0700 (MST)
Message-Id: <v04103d0ab2fcd7b78979@[128.165.115.169]>
Date: Fri, 26 Feb 1999 16:04:07 -0700
Reply-To: [email protected]
Sender: [email protected]
From: John McDermon <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: FTP Shutdown Messages
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Sender: [email protected]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Running wu-ftpd-2.4.2-beta-18-vr13

I have commented out the following line in my ftpaccess file:
#shutdown /etc/ftpmsgs/shutmsg

But whenever I quit or am disconnected from an FTP session I get an
extra window on my Mac Client (Fetch 3.03) that says:

221-You have transferred 0 bytes in 0 files.
221-Total traffic for this session was 4868 bytes in 1 transfers.
221-Thank you for using the FTP service on congress.lanl.gov.
221 Goodbye.

This is new since upgrading to this version (we were at plain beta17
before the upgrade).

Where is this coming from and how can I turn it off?

Also, where can I set the FTP connection timeout period?

TIA,
--John

From [email protected] Fri Feb 26 17:32:50 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id RAA16018;
Fri, 26 Feb 1999 17:32:49 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id RAA16700;
Fri, 26 Feb 1999 17:29:32 -0600 (CST)
Received: from gw1.bfg.com (gateway.bfg.com [131.187.253.2])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id RAA29017
for <[email protected]>; Fri, 26 Feb 1999 17:28:47 -0600 (CST)
Received: (from uucp@localhost)
by gw1.bfg.com (8.8.8/8.8.8) id SAA25219;
Fri, 26 Feb 1999 18:28:44 -0500 (EST)
Received: from ns1.bfg.com(192.73.67.20) by gw1.bfg.com via smap (V2.1)
id sma025103; Fri, 26 Feb 99 18:28:19 -0500
Received: from localhost (keller@localhost)
by ns1.bfg.com (8.8.8/8.8.8) with SMTP id SAA02159;
Fri, 26 Feb 1999 18:28:16 -0500 (EST)
Message-Id: <[email protected]>
Date: Fri, 26 Feb 1999 18:28:13 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Ted Keller <[email protected]>
To: John McDermon <[email protected]>
Cc: [email protected], [email protected]
Subject: Re: FTP Shutdown Messages
In-Reply-To: <v04103d0ab2fcd7b78979@[128.165.115.169]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

John,

This is a little added feature of the VR series - just providing a small
summary of the ftp activity you just completed.

Looks like this is selectable by undefining TRANSFER_COUNT in the config.h
file.

ted keller - bfg.com

On Fri, 26 Feb 1999, John McDermon wrote:

> Running wu-ftpd-2.4.2-beta-18-vr13
>
> I have commented out the following line in my ftpaccess file:
> #shutdown /etc/ftpmsgs/shutmsg
>
> But whenever I quit or am disconnected from an FTP session I get an
> extra window on my Mac Client (Fetch 3.03) that says:
>
> 221-You have transferred 0 bytes in 0 files.
> 221-Total traffic for this session was 4868 bytes in 1 transfers.
> 221-Thank you for using the FTP service on congress.lanl.gov.
> 221 Goodbye.
>
> This is new since upgrading to this version (we were at plain beta17
> before the upgrade).
>
> Where is this coming from and how can I turn it off?
>
> Also, where can I set the FTP connection timeout period?
>
> TIA,
> --John
>

From [email protected] Fri Feb 26 17:59:33 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id RAA16295;
Fri, 26 Feb 1999 17:59:32 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id RAA00224;
Fri, 26 Feb 1999 17:56:13 -0600 (CST)
Received: from caracal.noc.ucla.edu (caracal.noc.ucla.edu [169.232.10.11])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id RAA14748
for <[email protected]>; Fri, 26 Feb 1999 17:54:54 -0600 (CST)
Received: from a11exchange.ais.ucla.edu (smtp.ais.ucla.edu [164.67.133.60])
by caracal.noc.ucla.edu (8.9.1a/8.9.1) with ESMTP id PAA15706
for <[email protected]>; Fri, 26 Feb 1999 15:54:52 -0800 (PST)
Received: by smtp.ais.ucla.edu with Internet Mail Service (5.5.2448.0)
id <1QKX02QZ>; Fri, 26 Feb 1999 15:53:25 -0800
Message-Id: <[email protected]>
Date: Fri, 26 Feb 1999 15:53:24 -0800
Reply-To: [email protected]
Sender: [email protected]
From: "Yard, John" <[email protected]>
To: "'[email protected]'" <[email protected]>
Subject: send faq
X-Mailer: Internet Mail Service (5.5.2448.0)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

From [email protected] Fri Feb 26 17:59:56 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id RAA16305;
Fri, 26 Feb 1999 17:59:55 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id RAA10453;
Fri, 26 Feb 1999 17:55:19 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id RAA26044
for <[email protected]>; Fri, 26 Feb 1999 17:50:45 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id SAA24231;
Fri, 26 Feb 1999 18:50:40 -0500
Message-Id: <[email protected]>
Date: Fri, 26 Feb 1999 18:50:40 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Ted Keller <[email protected]>
Cc: John McDermon <[email protected]>, [email protected], [email protected]
Subject: Re: FTP Shutdown Messages
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 26 Feb 1999, Ted Keller wrote:

> Looks like this is selectable by undefining TRANSFER_COUNT in the
> config.h file.

It is.

> > Also, where can I set the FTP connection timeout period?

Check the new ftpaccess manpage.
limit-time sets total connect-time limits.

And the ftpd manpage.
-t sets the default idle timeout
-T sets the maximum idle timeout the user may ask for

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Fri Feb 26 18:24:32 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id SAA16527;
Fri, 26 Feb 1999 18:24:31 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id SAA21748;
Fri, 26 Feb 1999 18:21:11 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id SAA07607
for <[email protected]>; Fri, 26 Feb 1999 18:19:20 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id TAA24390;
Fri, 26 Feb 1999 19:19:09 -0500
Message-Id: <[email protected]>
Date: Fri, 26 Feb 1999 19:19:09 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "Yard, John" <[email protected]>
Cc: "'[email protected]'" <[email protected]>
Subject: Re: send faq
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

wu-ftpd Resource Center: http://www.landfield.com/wu-ftpd/
wu-ftpd FAQ: http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html
wu-ftpd list archive: http://www.landfield.com/wu-ftpd/mail-archive/

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Sat Feb 27 09:27:27 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA11939;
Sat, 27 Feb 1999 09:27:27 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA19562;
Sat, 27 Feb 1999 09:22:32 -0600 (CST)
Received: from icarus.yml.com ([email protected] [207.226.52.3])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA22357
for <[email protected]>; Sat, 27 Feb 1999 09:18:58 -0600 (CST)
Received: from localhost (buffalo@localhost)
by icarus.yml.com (8.8.7/8.8.7) with ESMTP id KAA29327
for <[email protected]>; Sat, 27 Feb 1999 10:18:44 -0500
Message-Id: <[email protected]>
Date: Sat, 27 Feb 1999 10:18:44 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: [email protected]
To: Wu-ftpd List <[email protected]>
Subject: RFTP Failure Mystery
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Fri, 26 Feb 1999, Gregory A Lundberg wrote:

> Good point. I use the new greeting ftpaccess clause myself. Without it
> the daemon should show its version on connection. With greeting brief it
> should only show the hostname. With greeting terse it should just say the
> FTP server is ready.

Well, I've confirmed that it's definitely the new version of the daemon.
So now it's a bonifide mystery:

* RFTP was working on this system for over a year with beta-13 for 50+
accounts.

* Configuration (ftpaccess, etc.) files weren't altered.

* RFTP Account configurations weren't altered.

* The only change was to replace the beta-13 executable with beta-18/VR-14
executable (to fix the recently discovered security hole).

* The daemon is being called with the correct switch (-a) in inetd.conf.

* It was built using the normal 'build' script process on a Solaris 2.5.1
system, and compiled without errors using gcc.

* After installing the new daemon, access restrictions on RFTP accounts
suddenly stopped working; RFTP accounts can now 'cd' all over the system.

What could possibly explain this problem? Has anyone else experienced this
after moving up to the new version of the daemon?

Any thoughts or suggestions would be highly appreciated.

--Duncan

From [email protected] Sat Feb 27 11:02:02 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA12658;
Sat, 27 Feb 1999 11:02:02 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id KAA16796;
Sat, 27 Feb 1999 10:58:46 -0600 (CST)
Received: from mail-atm.nycap.rr.com ([email protected] [24.92.32.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id KAA20777
for <[email protected]>; Sat, 27 Feb 1999 10:58:02 -0600 (CST)
Received: from yua2.nycap.rr.com (cisco-56-184.nycap.rr.com [24.92.56.184])
by mail-atm.nycap.rr.com (8.9.1/8.9.1) with SMTP id LAA24251
for <[email protected]>; Sat, 27 Feb 1999 11:57:59 -0500 (EST)
Message-Id: <[email protected]>
Date: Sat, 27 Feb 1999 11:59:36 -0500
Reply-To: [email protected]
Sender: [email protected]
From: Alex Yu <[email protected]>
To: Wu-ftpd List <[email protected]>
Subject: WU-FTPD Configuration
In-Reply-To: <[email protected]>
References: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: [email protected]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hello,

How would I insert an option in inetd.conf file so that when users (not
anonymous) uploading files through ftp, their file will be ug+rw,o+x? Can
I also config it in ftpaccess so that some dirs will have 644 mode, and
some will have 600 mode. (only users who are on the box.)

Thanks for your comment,
Alex

From [email protected] Sat Feb 27 11:14:46 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id LAA12809;
Sat, 27 Feb 1999 11:14:45 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id LAA08794;
Sat, 27 Feb 1999 11:11:28 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id LAA21399
for <[email protected]>; Sat, 27 Feb 1999 11:11:07 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id MAA30846;
Sat, 27 Feb 1999 12:10:57 -0500
Message-Id: <[email protected]>
Date: Sat, 27 Feb 1999 12:10:56 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Alex Yu <[email protected]>
Cc: Wu-ftpd List <[email protected]>
Subject: Re: WU-FTPD Configuration
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Sat, 27 Feb 1999, Alex Yu wrote:

> How would I insert an option in inetd.conf file so that when users
> (not anonymous) uploading files through ftp, their file will be
> ug+rw,o+x? Can I also config it in ftpaccess so that some dirs will
> have 644 mode, and some will have 600 mode. (only users who are on the
> box.)

In /etc/ftpaccess, to control this on by access-class, use defumask. See
the manpage for ftpaccess.

On the command line, to control the default umask when you do not use
defumask, add the -u switch. See the manpage for ftpd.

In most cases, both these are the WRONG WAY (tm) to handle this issue.
See ftp://ftp.vr.net/pub/wu-ftpd/upload.configuration.HOWTO for a better
way.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Sat Feb 27 12:32:38 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id MAA13561;
Sat, 27 Feb 1999 12:32:38 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id MAA08872;
Sat, 27 Feb 1999 12:29:19 -0600 (CST)
Received: from mailman.lanl.gov (mailman.lanl.gov [128.165.5.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA03144
for <[email protected]>; Sat, 27 Feb 1999 12:28:08 -0600 (CST)
Received: from cic-mail.lanl.gov (cic-mail.lanl.gov [128.165.3.68])
by mailman.lanl.gov (8.9.3/8.9.3/(cic-5, 2/8/99)) with ESMTP id LAA09720;
Sat, 27 Feb 1999 11:28:06 -0700
Received: from [128.165.7.91] (ts-usr-91.lanl.gov [128.165.7.91])
by cic-mail.lanl.gov (8.9.3/8.9.3/(cic-5, 2/9/99)) with ESMTP id LAA06021;
Sat, 27 Feb 1999 11:28:02 -0700 (MST)
Message-Id: <v04103d01b2fde715028a@[128.165.7.91]>
Date: Sat, 27 Feb 1999 11:27:55 -0700
Reply-To: [email protected]
Sender: [email protected]
From: John McDermon <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: FTP Shutdown Messages
In-Reply-To: <[email protected]>
References: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Sender: [email protected]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

So what am I doing wrong?

I inserted the following line in the src/config.h

#undef TRANSFER_COUNT

Then I recompiled, verified the date of the new ftpd executable and
installed. BUT, I still get the message:

221-You have transferred 0 bytes in 0 files.
221-Total traffic for this session was 4772 bytes in 1 transfers.
221-Thank you for using the FTP service on congress.lanl.gov.
221 Goodbye.

I checked the code and the ifdef statements looks OK, but the code
keeps getting included as witnessed by the message still showing up
and a strings on the executable. :(

Did I miss something?
--John

> On Fri, 26 Feb 1999, Ted Keller wrote:
>
>> Looks like this is selectable by undefining TRANSFER_COUNT in the
>> config.h file.
>
> It is.
>
>> > Also, where can I set the FTP connection timeout period?
>
> Check the new ftpaccess manpage.
> limit-time sets total connect-time limits.
>
> And the ftpd manpage.
> -t sets the default idle timeout
> -T sets the maximum idle timeout the user may ask for
>
> --
>
> Gregory A Lundberg Senior Partner, VRnet Company
> 1441 Elmdale Drive [email protected]
> Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Sat Feb 27 13:04:52 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA13907;
Sat, 27 Feb 1999 13:04:51 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA10126;
Sat, 27 Feb 1999 13:01:36 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id MAA16268
for <[email protected]>; Sat, 27 Feb 1999 12:59:34 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id NAA31477;
Sat, 27 Feb 1999 13:59:30 -0500
Message-Id: <[email protected]>
Date: Sat, 27 Feb 1999 13:59:29 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: John McDermon <[email protected]>
Cc: [email protected]
Subject: Re: FTP Shutdown Messages
In-Reply-To: <v04103d01b2fde715028a@[128.165.7.91]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Sat, 27 Feb 1999, John McDermon wrote:

> I inserted the following line in the src/config.h
>
> #undef TRANSFER_COUNT

Inserted? Look further down, does it still have the #define? I'd say
should should change the #define to #under or _append_ the #undef

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Sat Feb 27 13:56:38 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id NAA14402;
Sat, 27 Feb 1999 13:56:37 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id NAA25057;
Sat, 27 Feb 1999 13:53:14 -0600 (CST)
Received: from mailhost.lanl.gov (mailhost.lanl.gov [128.165.3.12])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id NAA12025
for <[email protected]>; Sat, 27 Feb 1999 13:49:13 -0600 (CST)
Received: from cic-mail.lanl.gov (cic-mail.lanl.gov [128.165.3.68])
by mailhost.lanl.gov (8.9.3/8.9.3/(cic-5, 2/8/99)) with ESMTP id MAA30876;
Sat, 27 Feb 1999 12:49:09 -0700
Received: from [128.165.7.91] (ts-usr-91.lanl.gov [128.165.7.91])
by cic-mail.lanl.gov (8.9.3/8.9.3/(cic-5, 2/9/99)) with ESMTP id MAA11598;
Sat, 27 Feb 1999 12:49:06 -0700 (MST)
Message-Id: <v04103d03b2fdfc27fad5@[128.165.7.91]>
Date: Sat, 27 Feb 1999 12:48:46 -0700
Reply-To: [email protected]
Sender: [email protected]
From: John McDermon <[email protected]>
To: Gregory A Lundberg <[email protected]>
Cc: [email protected]
Subject: Re: FTP Shutdown Messages
In-Reply-To: <[email protected]>
References: <v04103d01b2fde715028a@[128.165.7.91]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Sender: [email protected]
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

There is no other line with TRANSFER_COUNT in the src/config.h file.

In fact there is no mention of TRANSFER_COUNT in any of the config
files in src/config/config.*

Now I'm wondering where it's defined in the first place?

--John

At 13:59 -0500 2/27/99, Gregory A Lundberg wrote:
> On Sat, 27 Feb 1999, John McDermon wrote:
>
>> I inserted the following line in the src/config.h
>>
>> #undef TRANSFER_COUNT
>
> Inserted? Look further down, does it still have the #define? I'd say
> should should change the #define to #under or _append_ the #undef
>
> --
>
> Gregory A Lundberg Senior Partner, VRnet Company
> 1441 Elmdale Drive [email protected]
> Kettering, OH 45409-1615 USA 1-800-809-2195

+-------------------------------------------------+
| John McDermon, voice mail 7-7315 Fax 5-1002 |
| CIC-2, MS F608 cell 699-4910, page 104-8665 |
+-------------------------------------------------+

From [email protected] Sat Feb 27 14:09:16 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA14532;
Sat, 27 Feb 1999 14:09:15 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA24139;
Sat, 27 Feb 1999 14:06:01 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA05461
for <[email protected]>; Sat, 27 Feb 1999 14:01:55 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id PAA31945;
Sat, 27 Feb 1999 15:01:49 -0500
Message-Id: <[email protected]>
Date: Sat, 27 Feb 1999 15:01:49 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: John McDermon <[email protected]>
Cc: [email protected]
Subject: Re: FTP Shutdown Messages
In-Reply-To: <v04103d03b2fdfc27fad5@[128.165.7.91]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Sat, 27 Feb 1999, John McDermon wrote:

> Date: Sat, 27 Feb 1999 12:48:46 -0700
> In fact there is no mention of TRANSFER_COUNT in any of the config
> files in src/config/config.*
>
> Now I'm wondering where it's defined in the first place?

config.h

src/config.h cannot be edited, change src/config/config.<os> instead

src/config/config.<os> is for platform specific hacks and shouldn't need
changes unless you're porting to a new platform or have found that some
other (probably os-vendor-initiated) change has occurred.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Sat Feb 27 14:10:00 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA14545;
Sat, 27 Feb 1999 14:10:00 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA16841;
Sat, 27 Feb 1999 14:06:44 -0600 (CST)
Received: from mail1.dh.trw.com (mail1.dh.trw.com [129.193.109.1])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA13717
for <[email protected]>; Sat, 27 Feb 1999 14:03:04 -0600 (CST)
Received: from trw.com ([129.4.74.179]) by mail1.dh.trw.com
(Netscape Messaging Server 3.5) with ESMTP id AAA5A72
for <[email protected]>; Sat, 27 Feb 1999 12:02:32 -0800
Message-Id: <[email protected]>
Date: Sat, 27 Feb 1999 12:02:32 -0800
Reply-To: [email protected]
Sender: [email protected]
From: "Scott Parmenter" <[email protected]>
To: wuftplist <[email protected]>
Subject: ftpcount file locking
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.04 [en] (Win95; U)
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Why does ftpcount.c unlock the pid file at the end of acl_countusers()
when it never locks it in the first place? Shouldn't it do so?

Thanks,
Scott

From [email protected] Sat Feb 27 14:16:09 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA14614;
Sat, 27 Feb 1999 14:16:08 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA03909;
Sat, 27 Feb 1999 14:12:27 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA08646
for <[email protected]>; Sat, 27 Feb 1999 14:06:42 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id PAA31979
for <[email protected]>; Sat, 27 Feb 1999 15:06:39 -0500
Message-Id: <[email protected]>
Date: Sat, 27 Feb 1999 15:06:39 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: Added info for upload.configuration.HOWTO
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

The earlier question about umasks got me to thinking. I've added a few
sections to

ftp://ftp.vr.net/pub/wu-ftpd/upload.configuration.HOWTO

concerning umasks and a few other features. This is what I added:

--

umasks for guest and real users
-------------------------------
In most cases you will want to allow guest and real users to control the
permissions on their own files and directories. As in the examples shown,
if there are no specific permissions given on upload clauses, any new files
or directories created will have all permissions set. umasks can be used
to reduce these permissions.

The daemon has a command-line option (-u) to set the default umask for all
users. Follow the -u option with an octal permissions mask. Bits in this
mask are permissions to turn off whenever the daemon creates a new file or
directory. The manpage for ftpd documents the -u option.

Often times, the global -u option is not sufficient. In the ftpaccess
file, you can control umasks by class by using the defumask clause. If no
class is given, defumask overrides the -u umask from the command line. If
the current user is a member of the named class, defumask overrides the
umask setting for this user only.

For example, assume there are several classes of users

class admin real 10.0.0.0/8 127.0.0.0/8
class local guest 10.0.0.0/8 127.0.0.0/8
class remote guest *
class anon anonymous *

( Notice, by the way, in this example, real users will not be allowed
access unless from the local network since they are not in any class when
coming from an outside IP address. Since the daemon gives no clue to the
remote user in this case, to outside addresses it will appear as if the
admin users do not exist on the server. The specific cause for their login
failure will appear in your system logs. )

We can control the umask by class for these users. For example, we might
say:

defumask 0377
defumask 0177 admin
defumask 0133 local remote

The first clause applies whenever another defumask clause does not match
the current user's class. This is the same as adding '-u 0377' to the
command line for the FTP daemon. In this case, the clause applies only to
anonymous users since all other classes have specific default umasks given.

The second turns off execute permissions, as well as group- and world- read
and write permissions, for all files and directories created by real users
(users in the admin class).

The last rule turns off execute permissions and group- and world-write
permissions for files and directories created by guests (in the local and
remote classes).

Remember that umasks apply to ALL files and directories created EXCEPT
those where an upload clause applies AND the upload clause gives specific
permissions. Disabling execute permissions will cause problems using newly
created directories; leaving them enabled is unsafe because all files
uploaded will have execute permission and could, therefore, be used in
attempts to break into the server.

I recommend disabling all execute permissions and instructing your users to
use the chmod command to add execute permissions to directories or to
change the umask before creating directories. This may be a bit more work
for your users, but it is safer than having a Trojan Horse program marked
executable just waiting for someone, possibly root, to try running it.

umask and chmod command restrictions
------------------------------------
As just mentioned, users have the ability to change the current umask and
modify the permissions on files and directories.

Obviously, you will want to disable this feature for anonymous users. You
may also want to control who may use these features for your guest and real
users. The defaults should be acceptable for most sites. The default
settings are equivalent to the following (which you may want to add to your
ftpaccess file so you don't forget):

chmod no anonymous
chmod yes real,guest

umask no anonymous
umask yes real,guest

If, for example, you wanted to disable these commands for guests accessing
the server from outside the local network, you could add the following:

chmod no class=remote
umask no class=remote

Be sure to insert these _before_ the 'yes' clauses. Order is important;
the daemon will apply the first matching rule it finds. If you do
something like this, it is probably safer to rewrite the clauses to deny
everything but what you allow. For example:

chmod yes real,class=local
umask yes real,class=local
chmod no guest,anonymous
umask no guest,anonymous

Delete, overwrite, rename restrictions
--------------------------------------
The daemon also provides control over the user's ability to delete, over-
write and rename files. Again, the defaults are probably acceptable in
most cases. These are:

delete no anonymous
delete yes real,guest

rename no anonymous
rename yes real,guest

overwrite no anonymous
overwrite yes real,guest

As with the chmod and umask clauses, you can control these by class as
well. Continuing the above example, restricting these to local users only,
we could instead say:

delete yes real,class=local
rename yes real,class=local
overwrite yes real,class=local
delete no guest,anonymous
rename no guest,anonymous
overwrite no guest,anonymous

Per-class upload clauses
------------------------
Just as we can restrict the ability to change permissions, delete files,
etc., we can also define upload clauses which apply only to specific
classes of users. For instance, with the classes from the above examples,
we can revoke upload rights for remote guests.

For example, we can deny all uploads the remote guests except to their
personal tmp directories:

upload class=remote /home/users/* * no
upload class=remote /home/users/* /*/tmp yes nodirs

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Sat Feb 27 14:28:54 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id OAA14784;
Sat, 27 Feb 1999 14:28:53 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id OAA12326;
Sat, 27 Feb 1999 14:25:37 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id OAA04004
for <[email protected]>; Sat, 27 Feb 1999 14:20:13 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id PAA32085;
Sat, 27 Feb 1999 15:19:38 -0500
Message-Id: <[email protected]>
Date: Sat, 27 Feb 1999 15:19:37 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Scott Parmenter <[email protected]>
Cc: wuftplist <[email protected]>
Subject: Re: ftpcount file locking
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Sat, 27 Feb 1999, Scott Parmenter wrote:

> Why does ftpcount.c unlock the pid file at the end of acl_countusers()
> when it never locks it in the first place? Shouldn't it do so?

Good question. Probably someone was working on it years ago and never
finished. Wanna cook up a patch to add locking, or remove unlocking and
send it over?

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Sun Feb 28 06:07:39 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id GAA22539;
Sun, 28 Feb 1999 06:07:38 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id GAA03121;
Sun, 28 Feb 1999 06:02:54 -0600 (CST)
Received: from mail.hol.gr ([email protected] [194.30.192.21])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id FAA13718
for <[email protected]>; Sun, 28 Feb 1999 05:57:58 -0600 (CST)
Received: from chaos ([email protected] [194.30.193.15] (may be forged))
by mail.hol.gr (8.8.8/12.0.0) with SMTP id NAA27866
for <[email protected]>; Sun, 28 Feb 1999 13:57:56 +0200 (EET)
Message-Id: <[email protected]>
Date: Sun, 28 Feb 1999 13:58:05 +0200
Reply-To: [email protected]
Sender: [email protected]
From: "Themistoklis Kordogiannis" <[email protected]>
To: <[email protected]>
Subject: Minor Problems After Upgrading to Beta18-VR14
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-7"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

After the upgrade to Beta18-VR14 i seem to have one 'problem' and a
question.

First of all the problem :) . For some reason, i'm using iisstat (1.05a) to
parse the log files from my ftp servers. For some reason after i installed
wu-ftpd 2.4.2-Beta18-VR14 all reports come out empty. It seems that the
program can no longer recognise the format of the log file that the ftp
deamon produces.

I seem to have found the problem, and that where i need your help!

Before the upgrade a normal line in the log file would be like this
(all in one line!... no wraps) :

Mon Feb 1 04:11:14 1999 8 hlr-81-187.tm.net.my 40960
/home/ftp/.core/sdb1/ftp.maxtor.com/main/ide.exe b _ o a [email protected] ftp
0 *

After the upgrade the line looks like this :

Sun Feb 28 13:12:32 1999 1 209.167.90.84 40960
/home/ftp/.core/sdb1/ftp.adaptec.com/BBS/win95/dcd25up.exe b _ o a
[email protected] ftp 0 * i

Notice the small "i" at the end of the line. THAT's what is causing the
problem!
I went through the xferlog.5 man page, just to find out what that "i" is,
but
the desription of the log format end at the "*".

Does anybody know what that "i" stands for? I've never used before a VR
version
so i don't know if it's something with VR14 or not.

The question i had now is, that after upgrading to VR14, in the log file
instead of
all downloads been logged with a root path the directory the FTP Server
chroot's to,
they are logged with the real path. Is there a way to change that to the old
way?
(Just a question,it's not much of a problem, i can always change the perl
exp's that
the statistical program looks for)

Regards
Themis

From [email protected] Sun Feb 28 08:04:18 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id IAA23222;
Sun, 28 Feb 1999 08:04:17 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id HAA14770;
Sun, 28 Feb 1999 07:59:36 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id HAA00728
for <[email protected]>; Sun, 28 Feb 1999 07:50:19 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id IAA05405;
Sun, 28 Feb 1999 08:49:35 -0500
Message-Id: <[email protected]>
Date: Sun, 28 Feb 1999 08:49:35 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Themistoklis Kordogiannis <[email protected]>
Cc: [email protected]
Subject: Re: Minor Problems After Upgrading to Beta18-VR14
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Sun, 28 Feb 1999, Themistoklis Kordogiannis wrote:

> iisstat (1.05a) to parse the log files from my ftp servers

I've not had any other reports of problems with iisstat. Is 1.05a the
current version?

> Notice the small "i" at the end of the line. THAT's what is causing
> the problem! I went through the xferlog.5 man page, just to find out
> what that "i" is, but the desription of the log format end at the "*".

Though I'd updated the xferlog manpage. I'll check to make sure.
Anyway, the code added to the end is 'c' or 'i' to indicate whether or not
the daemon thinks the transfer was completed. Take it with a BIG grain of
salt right now, false-complete is common and false-incomplete is possible
(especially with IE as the client, but all we FTP folk know how broken IE
is). I never took it out because, even with the false readings, I find it
handy as a rough gauge of how well things are going.

> The question i had now is, that after upgrading to VR14, in the log
> file instead of all downloads been logged with a root path the
> directory the FTP Server chroot's to, they are logged with the real
> path. Is there a way to change that to the old way?

Um .. nobody who's noticed has bothered to ask for it?

> (Just a question,it's not much of a problem, i can always change the
> perl exp's that the statistical program looks for)

Yes. I use it to split the analysis before running per-customer reports.
My Perl split also removes the chroot base, so the customer's report is
just like it always was and I don't have to worry about a pile of
logfiles, just the One True Xferlog.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Sun Feb 28 08:14:15 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id IAA23291;
Sun, 28 Feb 1999 08:14:14 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id IAA18071;
Sun, 28 Feb 1999 08:11:00 -0600 (CST)
Received: from mail.hol.gr ([email protected] [194.30.192.21])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id IAA23669
for <[email protected]>; Sun, 28 Feb 1999 08:04:24 -0600 (CST)
Received: from chaos ([email protected] [194.30.193.15] (may be forged))
by mail.hol.gr (8.8.8/12.0.0) with SMTP id QAA07555
for <[email protected]>; Sun, 28 Feb 1999 16:04:21 +0200 (EET)
Message-Id: <[email protected]>
Date: Sun, 28 Feb 1999 16:04:17 +0200
Reply-To: [email protected]
Sender: [email protected]
From: "Themistoklis Kordogiannis" <[email protected]>
To: <[email protected]>
Subject: RE: Minor Problems After Upgrading to Beta18-VR14
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

> > iisstat (1.05a) to parse the log files from my ftp servers
>
> I've not had any other reports of problems with iisstat. Is 1.05a the
> current version?

i've checked it today and it is the latest version.......

>
> > Notice the small "i" at the end of the line. THAT's what is causing
> > the problem! I went through the xferlog.5 man page, just to find out
> > what that "i" is, but the desription of the log format end at the "*".
>
> Though I'd updated the xferlog manpage. I'll check to make sure.
> Anyway, the code added to the end is 'c' or 'i' to indicate whether or not
> the daemon thinks the transfer was completed. Take it with a BIG grain of
> salt right now, false-complete is common and false-incomplete is possible
> (especially with IE as the client, but all we FTP folk know how broken IE
> is). I never took it out because, even with the false readings, I find it
> handy as a rough gauge of how well things are going.

After going through the longs again, i figured that it might be something
like that.
I'll check to see if i can make iisstat accept this option too.....

Anybody else here uses iisstat with the VR version of wu-ftpd???

Themis

From [email protected] Sun Feb 28 08:28:19 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id IAA23381;
Sun, 28 Feb 1999 08:28:18 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id IAA27773;
Sun, 28 Feb 1999 08:23:48 -0600 (CST)
Received: from alpha02.ihep.ac.cn (alpha02.ihep.ac.cn [202.38.128.10])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id IAA16783
for <[email protected]>; Sun, 28 Feb 1999 08:18:07 -0600 (CST)
Received: from localhost by alpha02.ihep.ac.cn (5.65v4.0/1.1.19.2/12Jan99-1106AM)
id AA10021; Sun, 28 Feb 1999 22:17:07 +0800
Message-Id: <[email protected]>
Date: Sun, 28 Feb 1999 22:17:07 +0800 (CST)
Reply-To: [email protected]
Sender: [email protected]
From: "Cai, Xuejun" <[email protected]>
To: [email protected]
Subject: How to enable 'site exec index' on Redhat5.2
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Hi, list

My users want to use the 'site exec index' command to locate file. But I
can't find answers from FAQ the list's archive. What need I do in server
side to enable this function?

Thanks in advance!

Cai Xuejun

|=================================================
| Cai, Xuejun
| Tel: (+86-10) 68236038(o) 68244467(h)
! http://alpha01.ihep.ac.cn/~caixj
| Public PGP key:
| http://alpha01.ihep.ac.cn/~caixj/DSSkey.txt
|=================================================

From [email protected] Sun Feb 28 09:05:50 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA23644;
Sun, 28 Feb 1999 09:05:50 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA14893;
Sun, 28 Feb 1999 09:02:35 -0600 (CST)
Received: from mail.hol.gr ([email protected] [194.30.192.21])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id IAA32202
for <[email protected]>; Sun, 28 Feb 1999 08:57:30 -0600 (CST)
Received: from chaos ([email protected] [194.30.193.15] (may be forged))
by mail.hol.gr (8.8.8/12.0.0) with SMTP id QAA11547
for <[email protected]>; Sun, 28 Feb 1999 16:57:28 +0200 (EET)
Message-Id: <[email protected]>
Date: Sun, 28 Feb 1999 16:57:25 +0200
Reply-To: [email protected]
Sender: [email protected]
From: "Themistoklis Kordogiannis" <[email protected]>
To: "Wu-Ftpd" <[email protected]>
Subject: RE: Minor Problems After Upgrading to Beta18-VR14
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

Found it.

Since i never was much of a shell script writer, i can only give tell you
what to look for :)
I'll have a friend of mine work out a patch, or if i find the time i'll make
it myself.....

Anywayz......

In version 1.05a of iisstat.pl, line 465 read

if ($#line != 16) { # skip if not 17 fields

just change that to

if ($#line != 17) { # skip if not 18 fields

in order to recognise and accept the extra field Gregory has put :)

That's it.

Only thing is that now it won't be able to read the old format of the file,
which has one less field....
I'll have to remember how perl works to sort this out, but for the time
being it works for me :)

Themis

From [email protected] Sun Feb 28 09:18:47 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA23731;
Sun, 28 Feb 1999 09:18:47 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA02988;
Sun, 28 Feb 1999 09:15:33 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA11413
for <[email protected]>; Sun, 28 Feb 1999 09:11:03 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id KAA05832;
Sun, 28 Feb 1999 10:10:58 -0500
Message-Id: <[email protected]>
Date: Sun, 28 Feb 1999 10:10:58 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: Themistoklis Kordogiannis <[email protected]>
Cc: Wu-Ftpd <[email protected]>
Subject: RE: Minor Problems After Upgrading to Beta18-VR14
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Sun, 28 Feb 1999, Themistoklis Kordogiannis wrote:

> In version 1.05a of iisstat.pl, line 465 read
>
> if ($#line != 16) { # skip if not 17 fields
>
> just change that to
>
> if ($#line != 17) { # skip if not 18 fields
>
> in order to recognise and accept the extra field Gregory has put :)
>
> Only thing is that now it won't be able to read the old format of the
> file, which has one less field.... I'll have to remember how perl
> works to sort this out, but for the time being it works for me :)

if (($#line != 16) && (($#line != 17)) { # skip if not 17 or 18 fields

actually, I'd recommend doing it this way instaed to avoid problems in the
future:

if ($#line < 16) { # skip if fewer than 17 fields

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195

From [email protected] Sun Feb 28 09:57:24 1999
Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1])
by landfield.com (8.9.0/8.9.0) with ESMTP id JAA24188;
Sun, 28 Feb 1999 09:57:23 -0600 (CST)
Received: from host (wugate.wustl.edu [128.252.120.1])
by wugate.wustl.edu (8.8.8/8.8.5) with SMTP id JAA14841;
Sun, 28 Feb 1999 09:54:07 -0600 (CST)
Received: from mail.vr.net ([email protected] [205.133.13.8])
by wugate.wustl.edu (8.8.8/8.8.5) with ESMTP id JAA04448
for <[email protected]>; Sun, 28 Feb 1999 09:46:27 -0600 (CST)
Received: from localhost (lundberg@localhost)
by mail.vr.net (8.9.3/8.9.3) with ESMTP id KAA06006;
Sun, 28 Feb 1999 10:45:55 -0500
Message-Id: <[email protected]>
Date: Sun, 28 Feb 1999 10:45:55 -0500 (EST)
Reply-To: [email protected]
Sender: [email protected]
From: Gregory A Lundberg <[email protected]>
To: "Cai, Xuejun" <[email protected]>
Cc: [email protected]
Subject: Re: How to enable 'site exec index' on Redhat5.2
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Listprocessor-Version: 8.0 -- ListProcessor(tm) by CREN

On Sun, 28 Feb 1999, Cai, Xuejun wrote:

> My users want to use the 'site exec index' command to locate file. But
> I can't find answers from FAQ the list's archive. What need I do in
> server side to enable this function?

First off, let me say that the SITE EXEC feature has marginal usefullness.
I rather doubt, once you get it working, that it'll do what your customers
expect.

The short syntax for index is 'SITE INDEX <parameters>'. The meaning of
<parameters> is undefined since the prorgam 'index' is undefined. This is
a legacy from WUarchive, the comment in the code says "this is just for
backward compatibility since we thought of INDEX before we thought of
EXEC." Internally, the daemon converts this to a SITE EXEC.

The syntax for SITE EXEC is 'SITE EXEC <program>[ <parameters>]'. Note
that the SPACE (' ') character between <program> and <parameters> is
REQUIRED if <parameters> is present.

The daemon parses <program> to remove _all_ pathname components, if any,
leaving just the name of the program file. For instance, if you say "SITE
EXEC /bin/ls" the daemon will use only the 'ls' and ignore '/bin/'. This
is an important point, read on ...

The daemon then inserts the _PATH_EXECPATH and a slash ('/') BEFORE this
program name. On most systems (NB.: NOT ON REDHAT Linux) _PATH_EXECPATH
is /bin/ftp-exec . The value is set in src/pathnames.h .. Redhat, for
some vague reason having to do with local naming conventions has choosen
to quietly move this to /usr/bin/ftp-exec (of course nobody notices
because nobody uses SITE EXEC anyway).

It then parses the <parameters> into an arg array and attempts to execute
the command. So, on most systems, the following command

SITE EXEC /bin/ls

is similar to executing the following (users chroot to /home/users on my
systems ...)

chroot /home/users /bin/ftp-exec/ls

or, on Redhat Linux

chroot /home/users /usr/bin/ftp-exec/ls

remembering when you do this you're root (the remote user won't be) and
your environment is full of stuff (the remote user's will be empty).

Now then, a few final points:

- on most text-based ftp client you need to add 'quote' before the
SITE command to tell the client to send it literally as typed. Most
window-based clients (specifically, web browsers) do not have any way
to type random commands like this.

- you cannot provide any input to the program except on the command line

- output from the program is returned to the remote user via the CONTROL
connection. If the user used a hyphen before their password, they
won't see it because it's extended output the hyphen tells the daemon
to suppress. Also, if the user is NOT using a text-based FTP client,
they probably won't see the output anyway because most web browsers
(well, IE at least, I'm sure a Netscape user will correct me) simply
don't bother to show it.

- the output sent over the control connection is truncated. The default
is to chop off the output after 20 lines (1000 lines on Redhat). The
VR versions include the 'site-exec-max-lines' clause which allows you
to determine where truncation occurs, if at all.

- I can think of some very good reasons to use SITE EXEC but know of no
sites which use it for those reasons. In fact, I'd be surprised if
more than a few dozen sites out of the millions running wu-ftpd even
use it at all.

--

Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive [email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195