incubator-mod_ftp-dev mailing list archives

From Sander Temme <san...@temme.net>
Subject Re: Sanity check
Date Fri, 02 Feb 2007 19:28:13 GMT

On Jan 31, 2007, at 9:53 AM, William A. Rowe, Jr. wrote:

> Our example config is less-than-ideal, because we are restricting  
> known-bad
> methods.  This can lead to evil or unanticipated side effects.

Bad in this context equals Methods that we want to see more strictly  
authenticated.

Evil means that less authenticated users might access Methods we want  
to see more strictly authenticated.

Less == valid-user, authenticated against a regular database or maybe  
even authn_anon
More == a specific user whom we give more powers because of who they  
are, like Admin

> We need to use LimitExcept to specify known-good things.

I agree.

1) If we inadvertently deny access to a newly implemented Method,
    this is easily corrected
2)  If we default-allow something that we'd like to see more
     strongly authorized, this easily goes unnoticed

2 is bad, 1 is good.

> Of our list, these are known-good IMHO and would like some more  
> eyes to validate
> these can't modify data on the server by their definitions.
>
> ABOR ACCT AUTH CDUP CWD EPRT EPSV FEAT HELP LIST LPRT LPSV MDTM  
> MODE NLST NOOP
> PASS PASV PBSZ PORT PROT PWD QUIT REIN REST RETR SIZE STAT STRU  
> SYST TYPE USER
> XCWD XPWD

known-good means it doesn't write anything to the server. I agree  
with this list, and would add XCUP subject to wrowe's remark below.

> These are the known actions which alter/send information from  
> client to server,
> but we make a proper list of these.
>
> MKD RMD ALLO APPE DELE MAIL MLFL MSAM MSND MSOM RNFR RNTO SITE SMNT  
> STOR STOU
> XMKD XRMD

Wonder how we would implement SMNT... +1 to this list as well.

> These are the byproducts of remake_ftp_protocol on linux.
>
> We can also reduce the good-list because I believe the Xvariants  
> are pre-mapped
> before we invoke the subrequest, and the unimplemented ones could  
> be omitted.

Yes, they are essentially the same thing. I think the DOS FTP client  
may use them.

S.

-- 
sander@temme.net              http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
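
Added example, not part of the original message or of mod_ftp: a small Python model of the two policies discussed in the thread, using the command lists quoted above, to show how a command that appears in neither list is handled. The function names and the command name NEWWRITE are hypothetical.

```python
# Command lists copied from the thread. XCUP is included in the read-only
# set because the reply proposes adding it.
READ_ONLY = set("""
    ABOR ACCT AUTH CDUP CWD EPRT EPSV FEAT HELP LIST LPRT LPSV MDTM MODE NLST
    NOOP PASS PASV PBSZ PORT PROT PWD QUIT REIN REST RETR SIZE STAT STRU SYST
    TYPE USER XCWD XPWD XCUP
""".split())
WRITERS = set("""
    MKD RMD ALLO APPE DELE MAIL MLFL MSAM MSND MSOM RNFR RNTO SITE SMNT STOR
    STOU XMKD XRMD
""".split())


def denylist_allows(cmd, is_admin):
    """Limit-style policy: only the known-bad commands need the stronger user."""
    return is_admin or cmd.upper() not in WRITERS


def allowlist_allows(cmd, is_admin):
    """LimitExcept-style policy: anything outside known-good needs the stronger user."""
    return is_admin or cmd.upper() in READ_ONLY


def policy_gaps(commands):
    """Commands a plain valid-user may run under the denylist but not the allowlist.

    These are exactly the commands in neither list, i.e. the ones that
    nobody has classified yet.
    """
    return sorted(
        c for c in commands
        if denylist_allows(c, False) and not allowlist_allows(c, False)
    )


if __name__ == "__main__":
    # Constructed input: every listed command plus one hypothetical new
    # command that writes to the server and was never added to either list.
    implemented = READ_ONLY | WRITERS | {"NEWWRITE"}
    for cmd in policy_gaps(implemented):
        print(f"{cmd}: denylist lets valid-user run it, allowlist requires admin")
```

Under the denylist the unclassified command is silently available to any valid-user (case 2 in the message); under the allowlist it is refused until someone classifies it (case 1).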

