[ale] FTP-only
attriel
attriel at d20boards.net
Wed Jan 1 17:13:30 EST 2003
OK, so, I remember waaaay back when I started with slack in 95 there were
tricks where people would use someone's FTP to get into the server via
shell-overloads and the like, so it was always advised to not give them
real shells, but rather fake ones, like /bin/none or something ...

Then it turned out that that really wasn't a good idea, b/c there was an
all new set of fakes they could do to turn /dev/null or such into a root
bash ... But I don't remember what the real solution was to that, since
most of my FTPs also had shell access (well, they had shells and so I
gave them FTP for uploading) ...

Now, I'm installing a new server for web serving, but at this point most
of the people using it DON'T get shells anymore (executive decisions are
so much fun :) SO! I need to know those tricks again. How do I make an
FTP setup secure? I'm thinking about doing SFTP, but I'm not 100% sure
that all the people using the system could handle it (specifically, my
parents :o)

So, failing the SFTP option, what's the way of making like wu secure? And
which is easier to secure/less "exploit-y"? wu? pro? something else?
thanks for the help folks!
--attriel
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale