[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Unknown file in login on proftpd 1.2.0pre10-2potato1

Poe-Min Oliver Wu wrote:
> Hi,
>         I've just found that an anonymous ftp connection
>         to my box whould leave a file $FTPROOT/var , whose
>         u/gid is ftp/nogroup, the same as proftpd.
>         I'm using Debian 2.2 with proftpd 1.2.0pre10-2potato1
>         on an i386, and this didn't happen before I do an
>         'apt-get upgrade' some time ago.

Actually, we just noticed the exact same thing on one of our servers,
running the exact same version of proftpd. There are now 30 of these
files in different people's homedirectories. They are all owned by the
user owning that directory; I guess this is because we are running with
"DefaultRoot ~". 

All files have the exact same size, 1932 bytes. Almost all of them are
full of nulls, except for one which contains a few readable words,
seeming to come from the proftpd logs. 

My guess is that it's a small bug in proftpd that dumps some internal
data, and has no security implications. But since you can't be too sure,
it would be interesting to see what other people have to say about this.

Maarten Vink
Williams and Holland's Law: If enough data is collected, anything may be
proven by statistical methods.

Reply to: