cvs commit: src/libexec/ftpd ftpd.c
Yar Tikhiy
yar at FreeBSD.org
Sat Feb 7 06:54:30 PST 2004
yar 2004/02/07 06:54:30 PST
FreeBSD src repository
Modified files:
libexec/ftpd ftpd.c
Log:
Deny attempts to rename a file from guest users if the policy
says they may not modify existing files through FTP.
Renaming a file is effectively a way to modify it.
For instance, if a malicious party is unable to delete or overwrite
a sensitive file, they can nevertheless rename it to a hidden name
and then upload a troyan horse under the guise of the old file name.
Revision Changes Path
1.152 +4 -0 src/libexec/ftpd/ftpd.c
More information about the cvs-src
mailing list