[wplug] Anonymous FTP and hidden files (security problem?)
Jonathan S. Billings
billings at negate.org
Wed Sep 10 09:33:22 EDT 2003
On Wednesday, Sep 10, 2003, at 09:25 America/New_York, Albert E. Whale,
CISSP wrote:
> These files are primarily intended to be used for Users with SHELL
> Access. Tftp - aka Anonymous FTP, should not get Shell Access (IMHO).
> Removal should not break your system, but rather improve your
> Security.
I just wanted to note that 'tftp' and 'ftp' are two completetely
different protocols, and that 'tftp' isn't also known as anonymous ftp.
I agree with the point though, you shouldn't be able to get shell
access through your ftp server, so there is no reason to have the
standard shell rc files and other files created by adduser.
--
Jonathan Billings
billings at negate.org
More information about the wplug
mailing list