[OpenAFS] anon FTP upload directory ACL

Derek Atkins warlord@MIT.EDU
01 Jun 2002 17:15:10 -0400

Russ Allbery <rra@stanford.edu> writes:

> Note that you need to be sure to disable mkdir in your FTP server, since
> otherwise with i permission in the parent directory, the anonymous FTP
> user can create a subdirectory, which will then be owned by someone you
> don't want it to be owned by, and the Unix owner of the directory can then
> change the ACLs on that directory.  Probably not *easy* to exploit, but
> I'd worry some about it.

Last I checked it was only the owner of the volume that had implicit
'a' access, not the owner of a directory.  So I dont think there is
much of an exloit here.


PS: I concur with Russ that you need 'lwi' permissions.  You do not
want 'r' permissions.  'l' implies "list/enter directory" whereas 'r'
implies "read files".  There is no way to provide, in AFS, a way to
insert files into a directory without also allowing them to read the
directory listing (although not necessarily the stat() entries of the
files in the directory).

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available