Re: forcing FTP-uploaded files to be of certain types only

----- Original Message -----
From: Mikhail Teterin <mi+mx@xxxxxxxxxxxxxxxxx>
Date: Monday, July 17, 2006 7:58 am
Subject: Re: forcing FTP-uploaded files to be of certain types only

I was hoping for some sort of plugin-API for the server...
Determining the
file's type is not really hard -- file(1) does just that. I'm not
looking to
prevent _malicious_ users -- just the ignorant ones.

Ok, I see what you're interested in. I don't believe the stock FBSD server has a plugin API. Try something like ProFTPD, if you are comfortable writing a module that accesses external programs. I wouldn't do that myself, too much room for exploits, but you could always use the algorithm from file(1) in your module, as it is BSD licensed.

We don't mind LARGE files -- some of those are legitimate. We just
want them
to be compressed before being uploaded. In fact, checking for this
is even
easier, than the usual byte-sniffing done by file(1) -- just try to
compress
those first 100K. If the result is smaller than 50K, the whole gets
rejected :-)

That could lead to many DoS attacks, high load, etc - but as you said you trust the users, I suspect this is not an issue to you. I personally code with security in mind no matter the situation, but you decide what is best for you. :)

No, destruction is not an option :-)

Awww, that's my favorite part! ;)

Yeah, and we are doing that now -- kind of. But I would like an
educational
message sent to the uploader instead: "Transfer aborted: please
compress
large files before uploading"...

Now that I understand your situation better, I see what you are attempting to do. You'll likely need something like ProFTPD to accomplish what you're asking, I don't believe the stock FTP server has the functionality/modular design necessary. Something you might want to consider - simply compressing all files recieved on the ftp server, regardless of type/previous compression. Since it sounds like you wan't worry about DoSing, malicious users, etc - and I am assuming this is on the internal network only - and also security is not your concern - simply compressing all files wouldn't hurt anything. It'll only gain you a few % on the previously compressed files, but it will take care of the uncompressed files in the process. Re-training users can be quite dificult, CPU hours costs much less than human hours. :)

Either way, it sounds like you can accomplish your task. I'd personally write a module with built in file(1) type functionality myself, and not access file(1) as an external program. All of the options above, should work - however. You'll need a different FTP daemon though if you want to write a module. :)

Best wishes,
David
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"