LFS security problem: break-in

Jesse Tie Ten Quee highos at highos.com
Wed Aug 16 11:11:39 PDT 2000


On Wed, 16 Aug 2000, Ed Riddle wrote:
> I think an rsync server may also be an alternative.  I have not studied the
> security aspect, but you do not need an account so there is no actual login.
> There is also a chroot to path that would help limit security problems.

Hrm, if your _not_ running an ftp daemon in chroot id be scared.

I don't see why one _has_ to have an ftp daemon running, scp works fine
for uploading files if your clients/users know howto use it, i feel a hell
of a lot better just using http instead of ftp *shrugs*

Anyways, just wanted to mention that if your going to run an ftp daemon at
_least_ run her in chroot ;)

Jesse Tie Ten Quee - highos at highos dot com

Mail archive: http://www.pcrdallas.com/mail-archives/lfs-discuss
IRC access: server: irc.linuxfromscratch.org port: 6667 channel: #LFS
Unsubscribe: email lfs-discuss-request at linuxfromscratch.org and put
"unsubscribe" (without the quotation marks) in the body of the message
(no subject is required)

More information about the lfs-dev mailing list