ftp upload, was Re: vsftpd and ~/public_html

gnu not unix gnu at wraith.sf.ca.us
Mon Aug 29 18:14:22 UTC 2005

>> [y4kk0 at X ~]$ ls -Zd public_html/
>> drwxrwxrwx  y4kk0    users    system_u:object_r:httpd_user_content_t 
>> public_html/
>> [y4kk0 at X ~]$

>> selinux-policy-targeted-1.25.4-10
>> system: Fedora Core 4

>> Maybe default policy should allow ftp server to enter this directory 
>> so users would be able to upload their WWW stuff via ftp?

>Sounds reasonable,  I will add it.

Ouch, this seems like opening up an attack vector to me.
Shouldn't ftp *upload* be to a write-only "holding cell" 
at least? 


More information about the fedora-selinux-list mailing list