<pre>
/* The lines before this point are missing from the page; the chdir()
   check below is reconstructed so the wrapper compiles as a whole. */
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;unistd.h&gt;

int main(void)
{
    if (chdir("/var/ftp")) {
        perror("chdir /var/ftp");
        exit(1);
    }
    if (chroot("/var/ftp")) {
        perror("chroot /var/ftp");
        exit(1);
    }
    /* optional: seteuid(FTPUID); */
    execl("/bin/ftpd", "ftpd", "-l", (char *)0);
    perror("exec /bin/ftpd");
    exit(1);
}
</pre>
Options:
<p>You can use 'netacl' from the toolkit or tcp_wrappers to achieve the same effect.
<p>We use 'netacl' to switch so that a few machines that connect to the FTP service *don't* get chrooted first. This makes transferring files a bit less painful.
<p>You may also wish to take your ftpd sources and find all the places where it calls seteuid() and remove them, then have the wrapper do a setuid(ftp) right before the exec. This means that if someone knows a hole that makes them "root" they still won't be. Relax and imagine how frustrated they will be.
<p>If you're hacking ftpd sources, I suggest you turn off a bunch of the options in ftpcmd.y by unsetting the "implemented" flag in ftpcmd.y. This is only practical if your FTP area is read-only.
<p><li>As usual, make a pass through the FTP area and make sure that the files are in correct modes and that there's nothing else in there that can be executed.
<p><li>Note, now, that your FTP area's /etc/passwd is totally separated from your real /etc/passwd. This has advantages and disadvantages.
<p><li>Some stuff may break, like syslog, since there is no /dev/log. Either build a version of ftpd with a UDP-based syslog() routine or run a second syslogd based on the BSD Net2 code that maintains a unix-domain socket named ~ftp/dev/log with the -p flag.
<p>REMEMBER:
<p>If there is a hole in your ftpd that lets someone get "root" access they can do you some damage even chrooted. It's just lots harder. If you're willing to hack some code, making the ftpd run without permissions is a really good thing. The correct operation of your hacked ftpd can be verified by connecting to it and (while it's still at the user prompt) doing a ps -axu and verifying that it's not running as root.
</ol>
<hr size=5>
<h3><a name="os">3. OS Specific needed information and suggestions.</a></h3>
These machines may need dev/tcp:
<ul>
<a name="att"></a>
<li>Older SVR2 and SVR3 systems
<li>RTU 6.0 (Masscomp, now Concurrent Real Time UNIX)
<li>AT&T 3B1 and 3B2 machines
</ul>
<h4>[dev/tcp]</h4>
These ftpd implementations may require a ~ftp/dev/tcp in order for anonymous ftp to work.
<p>You have to create a character special device with the appropriate major and minor device numbers. The appropriate major and minor numbers of ~ftp/dev/tcp are the major and minor numbers of /dev/tcp.
<p>~ftp/dev is a directory and ~ftp/dev/tcp is a character special device. Make them owned and grouped by root. Permissions for ~ftp/dev are root read/write/exec and group &amp; other read and exec. The permissions for ~ftp/dev/tcp are root read/write, group &amp; other read.
<h4><a name="hpux">HPUX</a></h4>
<i>[Logging]</i> If you're using HP's native ftpd, the line in /etc/inetd.conf should execute ftpd -l, which does extra logging.
<h4><a name="sol">Solaris 2.x</a></h4>
<i>[Script]</i> Solaris' man page contains a script for installing anonymous ftpd which saves time. You may still want to check over your anonymous ftpd for vulnerabilities.
<p>The command for reading the man page is:
<blockquote>$ man ftpd</blockquote>
<h4><a name="sun">SunOS</a></h4>
<i>[Libraries]</i> To set up SunOS to use its shared dynamic libraries, follow these steps:
<ol>
<li>Create the directory ~ftp/usr. This directory is owned by root with permissions 555.
<p><li>Create the directory ~ftp/usr/lib. This directory is owned by root with permissions 555.
<p><li>Copy the runtime loader ld.so into ~ftp/usr/lib for use by ls. ld.so is owned by root with permissions 555.
<p><li>Copy the latest version of the shared C library, libc.so.*, into ~ftp/usr/lib for use by ls. libc.so.* is owned by root with permissions 555.
<p>Note for 4.1.2 (or above) users: you also need to copy /usr/lib/libdl.so.* to ~ftp/lib.
<p><li>Create the directory ~ftp/dev. This directory is owned by root with permissions 111.
<p><li>~ftp/dev/zero is needed by the runtime loader. Move into the directory ~ftp/dev and create it with the command:
<blockquote>mknod zero c 3 12</blockquote>
chown ~ftp/dev/zero to root. Make sure it's readable.
<p>Warning for novices: Don't try to copy /dev/zero to ~ftp/dev/zero! This is an endless file of zeroes and it will completely fill your filesystem!
<p><li>If you want to have the local time showing when people connect, create the directory ~ftp/usr/share/lib/zoneinfo and copy /usr/share/lib/zoneinfo/localtime into it.
<p><li>If you are bothered by the need for copying your libraries so that you can use Sun's 'ls', which is dynamically linked, you can try to get a statically linked copy of 'ls' instead. The CD-ROM that contains Sun's OS has a statically-linked version of ls. In this case, you can dispense with steps #6-8.
<p>Statically linked versions may be available from the following sources:
<p>If you want a statically linked "ls", get the GNU fileutils off an archive site near you and statically link it.
<p><i>[Logging]</i> Sun's standard ftpd logs *all* password information. To correct it, install patch:
<pre>101640-03 SunOS 4.1.3: in.ftpd logs password info when -d option is used.</pre>
In /etc/inetd.conf find the line that starts with "ftp". At the end of that line, it should read "in.ftpd". Change that to "in.ftpd -dl". In /etc/syslog.conf, add a line that looks like:
<pre>daemon.*	/var/adm/daemonlog</pre>
The information can be separated (SunOS 4.1.1 does not recognize daemon.*, so it requires the following form), such as:
<pre>daemon.info	/var/adm/daemon.info
daemon.debug	/var/adm/daemon.debug
daemon.err	/var/adm/daemon.err</pre>
Note that the whitespace between the two columns must include at least one TAB character, not just spaces, or it won't work. Of course your log file could be anything you want. Then, create the logfile (touch /var/adm/daemonlog should do). Finally, restart inetd and syslogd, either individually or by rebooting the system. You should be good to go. If you do not install the patch, make sure the log file is owned by root and mode 600, as the ftp daemon will log *everything*, including users' passwords.
<p>Warning: You want to make all logs readable only by root for security reasons. If a user mistypes his password for his username, it could be compromised if anyone can read the log files.
</ol>
<hr size=5>
<h3><a name="other">4. Where to get other FTP daemons</a></h3>
<ul>
<li>Wuarchive FTP 2.4 - A secure FTP daemon that allows improved access control, logging, pre-login banners, and is very configurable:
<p>Can be ftp'd from ftp.uu.net in the "/networking/ftp/wuarchive-ftpd" directory. Be certain to verify the checksum information to confirm that you have retrieved a valid copy. [Warning: Older versions of Wu-FTP are extremely insecure and in some cases have been trojaned.]
<pre>
                        BSD            SVR4
File                    Checksum       Checksum    MD5 Digital Signature
-----------------       --------       ---------   --------------------------------
wu-ftpd-2.4.tar.Z       38213   181    20337 362   cdcb237b71082fa23706429134d8c32e
patch_2.3-2.4.Z         09291     8    51092  16   5558a04d9da7cdb1113b158aff89be8f
</pre>
<li>For DECWRL ftpd, sites can obtain version 5.93 via anonymous FTP from gatekeeper.dec.com in the "/pub/misc/vixie" directory.
<pre>
                        BSD            SVR4
File                    Checksum       Checksum    MD5 Digital Signature
-----------------       --------       ---------   --------------------------------
ftpd.tar.gz             38443    60     1710 119   ae624eb607b4ee90e318b857e6573500
</pre>
<li>For BSDI systems, patch 005 should be applied to version 1.1 of the BSD/386 software. You can obtain the patch file via anonymous FTP from ftp.bsdi.com in the "/bsdi/patches-1.1" directory.
<pre>
                        BSD            SVR4
File                    Checksum       Checksum    MD5 Digital Signature
-----------------       --------       ---------   --------------------------------
BU110-005               35337   272    54935 543   1f454d4d9d3e1397d1eff0432bd383cf
</pre>
<li>Public Domain Sources:
<p><blockquote>ftp.uu.net ~ftp/systems/unix/bsd-sources/libexec/ftpd<br>
gatekeeper.dec.com ~ftp/pub/DEC/gwtools/ftpd.tar.Z</blockquote>
</ul>
<hr size=5>
<h3><a name="secure">5. How to Know if your Anonymous FTP Server is Secure</a></h3>
This section is intended for the administrator to go down a small checklist of things to make sure his server is not easily compromised.
<ol>
<li>Check to make sure your ftp server does not have the SITE EXEC command by telnetting to port 21 and typing SITE EXEC. If your ftp daemon has SITE EXEC, make sure it is the most current version (i.e., Wu-FTP 2.4). In older versions this allows anyone to gain a shell via port 21.
<p><li>Check to make sure no one can log in and make files or directories in the main directory. If anyone can log in as anonymous FTP and make files such as .rhosts and .forward, instant access is granted to any intruder.
<p><li>Check to make sure the main directory is NOT owned by ftp. If it is owned by ftp, an intruder could SITE CHMOD 777 the main directory and then plant files to give him instant access. The SITE CHMOD command should be removed because anonymous users do not need any extra privileges.
<p><li>Check to make sure NO files or directories are owned by ftp. If they are, it is possible an intruder could replace them with his own trojan versions.
<p><li>There were several bugs in old daemons, so it is very important to make sure you are running the most current ftp daemons.
</ol>
<hr size=5>
<h3><a name="archie">6. Archie</a></h3>
Searches FTP sites for programs. Log in to these sites as archie or use client software for faster access. To get your own anonymous site added to Archie's search list, e-mail <a href="mailto:archie-updates@bunyip.com">archie-updates@bunyip.com</a>.
<pre>
archie.ac.il                 132.65.20.254    (Israel server)
archie.ans.net               147.225.1.10     (ANS server, NY (USA))
archie.au                    139.130.4.6      (Australian Server)
archie.doc.ic.ac.uk          146.169.11.3     (United Kingdom Server)
archie.edvz.uni-linz.ac.at   140.78.3.8       (Austrian Server)
archie.funet.fi              128.214.6.102    (Finnish Server)
archie.internic.net          198.49.45.10     (AT&T server, NY (USA))
archie.kr                    128.134.1.1      (Korean Server)
archie.kuis.kyoto-u.ac.jp    130.54.20.1      (Japanese Server)
archie.luth.se               130.240.18.4     (Swedish Server)
archie.ncu.edu.tw            140.115.19.24    (Taiwanese server)
archie.nz                    130.195.9.4      (New Zealand server)
archie.rediris.es            130.206.1.2      (Spanish Server)
archie.rutgers.edu           128.6.18.15      (Rutgers University (USA))
archie.sogang.ac.kr          163.239.1.11     (Korean Server)
archie.sura.net              128.167.254.195  (SURAnet server MD (USA))
archie.sura.net(1526)        128.167.254.195  (SURAnet alt. MD (USA))
archie.switch.ch             130.59.1.40      (Swiss Server)
archie.th-darmstadt.de       130.83.22.60     (German Server)
archie.unipi.it              131.114.21.10    (Italian Server)
archie.univie.ac.at          131.130.1.23     (Austrian Server)
archie.unl.edu               129.93.1.14      (U. of Nebraska, Lincoln (USA))
archie.univ-rennes1.fr                        (French Server)
archie.uqam.ca               132.208.250.10   (Canadian Server)
archie.wide.ad.jp            133.4.3.6        (Japanese Server)
</pre>
<hr size=5>
</html>
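<p>The chroot wrapper at the top of this page still execs ftpd as root, and the text recommends doing a setuid(ftp) right before the exec. As an added example that is not part of the FAQ, here is a version of that wrapper which drops root permanently after the chroot and refuses to exec if the drop did not stick; the /var/ftp and /bin/ftpd paths and the "ftp" account are assumptions carried over from the text.</p>

```c
#define _GNU_SOURCE                 /* for setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#define FTP_AREA  "/var/ftp"    /* assumed location of the anonymous area */
#define FTPD_PATH "/bin/ftpd"   /* assumed location of the real daemon */

/* Returns 1 only when root cannot be regained: the effective uid is not 0
 * and setuid(0) is refused. This is the in-process form of the FAQ's advice
 * to run ps and confirm that the daemon is not root. */
int privileges_are_dropped(void)
{
    if (geteuid() == 0) return 0;
    if (setuid(0) == 0) return 0;     /* succeeded: the saved uid was still 0 */
    return errno == EPERM;
}

/* Give up root permanently: supplementary groups first (chroot does not
 * touch them), then the gid, then the uid. Returns 0 on success. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    return 0;
}

int main(void)
{
    /* looked up before chroot: the jail's /etc/passwd is a separate file */
    struct passwd *pw = getpwnam("ftp");
    if (pw == NULL) { fprintf(stderr, "no 'ftp' account\n"); return 1; }
    /* chroot, then chdir("/") so no working directory stays outside the jail */
    if (chroot(FTP_AREA) != 0) { perror("chroot " FTP_AREA); return 1; }
    if (chdir("/") != 0) { perror("chdir /"); return 1; }
    if (drop_privileges(pw->pw_uid, pw->pw_gid) != 0) { perror("drop privileges"); return 1; }
    if (!privileges_are_dropped()) { fputs("still root, refusing to exec\n", stderr); return 1; }
    execl(FTPD_PATH, "ftpd", "-l", (char *)0);
    perror("exec " FTPD_PATH);
    return 1;
}
```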
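<p>Checks 2 to 4 of the list in section 5 (nothing writable by anonymous users, nothing owned by ftp) can be run mechanically. The following walker is an added example, not part of the FAQ: it reports every entry under the FTP area that is owned by the ftp uid or is world-writable, and carries a self-check on a constructed scratch directory; the area path and the uid are passed in by the caller.</p>

```c
#define _GNU_SOURCE                 /* expose nftw(), mkdtemp() on glibc */
#include <fcntl.h>
#include <ftw.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static uid_t ftp_uid;   /* uid of the "ftp" account the area is audited against */
static int findings;    /* problems reported during the current walk */

/* nftw callback: flags the two conditions checks 3 and 4 warn about. */
static int inspect(const char *path, const struct stat *st, int type, struct FTW *fb)
{
    (void)type; (void)fb;
    if (st->st_uid == ftp_uid) {        /* anonymous users could replace or chmod it */
        printf("owned by ftp: %s\n", path);
        findings++;
    }
    if (st->st_mode & S_IWOTH) {        /* anyone can plant .rhosts, .forward, ... */
        printf("world-writable: %s\n", path);
        findings++;
    }
    return 0;
}

/* Walks `root` without following symlinks or crossing mount points and
 * returns the number of findings, or -1 if the walk itself failed. */
int audit_ftp_area(const char *root, uid_t uid)
{
    ftp_uid = uid;
    findings = 0;
    return nftw(root, inspect, 16, FTW_PHYS | FTW_MOUNT) == 0 ? findings : -1;
}

/* Self-check on a constructed tree: a scratch directory owned by the caller
 * holding one world-writable file, audited as though the caller were "ftp".
 * Expected: dir owned + file owned + file world-writable = 3 findings. */
int audit_selftest(void)
{
    char dir[] = "/tmp/ftpauditXXXXXX", file[64];
    int fd, n;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(file, sizeof file, "%s/welcome.msg", dir);
    fd = open(file, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || fchmod(fd, 0666) != 0) return -1;
    close(fd);
    n = audit_ftp_area(dir, getuid());
    unlink(file); rmdir(dir);
    return n;
}
```

For a real audit, call audit_ftp_area("/var/ftp", getpwnam("ftp")->pw_uid) and treat any non-zero result as a finding to fix before opening the server.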