ftpd for Debian
---------------
ftpd now supports PAM. It is recommended that you leave the pam_ftp entry
alone in the pam configuration file since ftpd uses it to determine prompts
and anonymity.

The best way to disable anonymous ftp is to place ftp and anonymous in
/etc/ftpusers. Removing the user ftp from the system also works.

The -A option no longer has any effect since authentication is done by PAM.
To recover its functionality, just uncomment the ftpchroot line in the pam
configuration file.

If you wish to receive reports from users of your ftp server, you should set up
an alias for ftp-bugs@name.of.your.ftp.server.

Globbing Attacks
----------------
Globbing attacks aimed at exhausting memory/CPU resources (e.g.,
ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*) can be
countered by setting the appropriate resource limits in
/etc/security/limits.conf. To do so, you need to make sure that /etc/pam.d/ftp
contains the line

    session required pam_limits.so

which is the case by default. The limits which are most important on Linux are
"as" and "cpu". For example, to limit the memory usage to 10MB, you should put

    ftp hard as 10240

in /etc/security/limits.conf.
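
A check for the settings described above, as an added example that is not part
of this README or of the Debian ftpd package. The function names are
hypothetical, and the file paths default to the ones named in this README but
can be overridden to audit copies.

```shell
#!/bin/sh
# Audit helpers (hypothetical names) for the three files this README names.

# has_pam_limits FILE: true if an uncommented
# "session required pam_limits.so" line is present.
has_pam_limits() {
    awk '$1 == "session" && $2 == "required" &&
         ($3 == "pam_limits.so" || $3 ~ /\/pam_limits\.so$/) { found = 1 }
         END { exit !found }' "$1"
}

# hard_limit FILE USER ITEM: print the hard limit set for USER/ITEM, if any.
# Commented-out lines do not match because their first field is not USER.
hard_limit() {
    awk -v u="$2" -v i="$3" \
        '$1 == u && $2 == "hard" && $3 == i { v = $4 }
         END { if (v != "") print v }' "$1"
}

# denies_user FILE USER: true if USER is listed in the ftpusers file.
denies_user() {
    awk -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# audit_ftpd [PAM_FILE] [LIMITS_FILE] [FTPUSERS_FILE]
# Returns non-zero when the globbing countermeasure is incomplete.
audit_ftpd() {
    pam=${1:-/etc/pam.d/ftp}
    limits=${2:-/etc/security/limits.conf}
    ftpusers=${3:-/etc/ftpusers}
    rc=0
    has_pam_limits "$pam" ||
        { echo "WARN: $pam lacks 'session required pam_limits.so'"; rc=1; }
    for item in as cpu; do
        v=$(hard_limit "$limits" ftp "$item")
        if [ -n "$v" ]; then echo "OK: ftp hard $item = $v"
        else echo "WARN: no 'ftp hard $item' limit in $limits"; rc=1; fi
    done
    # Anonymous ftp is a site decision, so this is reported, not failed.
    for u in ftp anonymous; do
        denies_user "$ftpusers" "$u" ||
            echo "NOTE: anonymous ftp not disabled ($u not in $ftpusers)"
    done
    return $rc
}
```

Source the file and call audit_ftpd with no arguments to check the live
configuration.
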
Herbert <herbert@debian.org>
$Id: README.Debian,v 1.4 2002/10/06 22:23:49 herbert Exp $