Re: queue in erlangen
> Is this true? Doesn't it only allow renames in directories that are
> world-writeable? A little test at my own computer showed that this
> seems to be the case.
Yep. But anonymous users must have write access in all incoming
directories, and there are more than one incoming dirs on
ftp.uni-erlangen.de...
> But then you still have the problem that all anonymous users can
> rename files, of course.
This is the most obvious attack: Rename some file in the queue dir,
and the job won't be processed. If you rename the .changes, the
uploader even can't be notified, because the daemon doesn't know his
mail address (I'm currently working on changing this).
But to end this discussion about wu-ftpd features: I have a
(hopefully) better idea what to do about leftover files:
I could implement *.command files that are somewhat similar to
*.changes files, but contain some commands for the queue daemon. These
files have to be PGP-signed, so only known Debian developers can give
commands. I think we can live with that. (Debian developers also can
delete files in master's incoming...)
A *.commands could look like:
------------------------------------------------------------------------------
Uploader: Otto Juhser <otto@some.where>
Commands:
rm hello_1.0_i386.deb
------------------------------------------------------------------------------
For now I think implementing 'rm' and 'mv' is enough, but others could
follow in future. Also, the filenames may not contain any slashes, so
they're restricted to the queue dir. The email address is used for
reply.
Comments?
Roman
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: