From: mbeattie@black.ox.ac.uk (Malcolm Beattie)
Subject: Re: anonymous ftp 0.99pl1
Date: Tue, 31 Aug 1993 15:42:31 GMT

In article <CCMK3s.9Au@news.iastate.edu> jdh@iastate.edu (Jon Hamilton) writes:
>In article <1993Aug31.085424.25293@black.ox.ac.uk> mbeattie@black.ox.ac.uk (Malcolm Beattie) writes:
>
>>>YIKES! I don't think you want to copy the libraries around, why not just
>>>put a link to it if it's required. I'm not sure this is his problem in
>>>any case, since I didn't have to do anything like this, and I can ftp to/from
>>>the Linux box from another Linux box and a Sun IPX with no difficulty.
>>
>>The point is that ftpd does a chroot(2) and then can't see
>>the libraries whatever sort of links you use. You either need
>>to have copies of your shared libraries under ~ftp or else
>>only ever put statically linked binaries under there.
>
>Long before there were (evil) symbolic links, there were hard links.
>I don't understand the fascination that people in the c.o.l.* groups
>have with symlinks, but this is a good example of When Not To Use Them(TM).
>Assuming /home/ftp is on the same physical disk as /lib, a hard link
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Once corrected to `same partition', this is still a non-trivial
assumption. I have separate root, /usr and /home partitions and
so do many others I expect, so hard links will not work.
Furthermore, for safety and security I would recommend that
anyone setting up an anonymous ftp area try to separate the
environment as much as possible from the real environment.
In particular, if a user within the restricted file system
manages to write to and trash the library then, with your
setup, all other users are taken down too because the library
in the (unsafe) ftp area is (a hard link to) the real library.
It is a difficult job to make a secure part of the filesystem
available widely (witness the recent security holes with
ftp daemons of all origins and the even more recent security
problems with many gopher server setups.) I wouldn't tempt fate
by placing real (hard links to) libraries in there too.
>will solve the problem and you won't lose all that disk space
>by having two copies of your library.
--Malcolm
--
Malcolm Beattie <mbeattie@black.ox.ac.uk>    | I'm not a kernel hacker
Oxford University Computing Services         | I'm a kernel hacker's mate
13 Banbury Road, Oxford, OX2 6NN (U.K.)      | And I'm only hacking kernels
Tel: +44 865 273232 Fax: +44 865 273275      | 'Cos the kernel hacker's late
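
An added example, not part of the original post: an audit that flags files in an ftp area sharing an inode with a file in the real library directory, plus a demonstration that overwriting the hard-linked name changes the real library while overwriting a copy does not. The function names, the temporary `lib/` and `ftp/` layout, and the file `libsample.so` are constructed for illustration.

```python
import os, shutil, tempfile

def shared_inodes(chroot_root, system_dirs):
    """Return (path_in_chroot, path_outside) pairs naming the same inode."""
    outside = {}
    for top in system_dirs:
        for dirpath, _dirs, files in os.walk(top):
            for name in files:
                path = os.path.join(dirpath, name)
                st = os.lstat(path)
                outside.setdefault((st.st_dev, st.st_ino), path)
    hits = []
    for dirpath, _dirs, files in os.walk(chroot_root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # st_nlink > 1: some other name for this file exists on the partition.
            if st.st_nlink > 1 and (st.st_dev, st.st_ino) in outside:
                hits.append((path, outside[(st.st_dev, st.st_ino)]))
    return sorted(hits)

def demo():
    """Constructed layout: lib/ stands in for /lib, ftp/ for the ~ftp area."""
    base = tempfile.mkdtemp()
    try:
        lib = os.path.join(base, "lib")
        ftp = os.path.join(base, "ftp")
        os.makedirs(lib)
        os.makedirs(os.path.join(ftp, "lib"))
        real = os.path.join(lib, "libsample.so")   # constructed file, not a real library
        with open(real, "wb") as f:
            f.write(b"REAL LIBRARY")
        linked = os.path.join(ftp, "lib", "libsample.so")
        copied = os.path.join(ftp, "lib", "libcopy.so")
        os.link(real, linked)        # hard link: second name for the real inode
        shutil.copy(real, copied)    # copy: separate inode and data
        results = {"hits": shared_inodes(ftp, [lib])}
        # Overwrite each file in the ftp area and see what the real library holds.
        for key, victim in (("after_copy", copied), ("after_link", linked)):
            with open(victim, "wb") as f:
                f.write(b"TRASHED")
            with open(real, "rb") as f:
                results[key] = f.read()
        return results
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    print(demo())
```

When the two directories are on different partitions, `os.link` fails with `EXDEV`, which is the separate-partition case raised in the post.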