SUMMARY: wuftp with enhanced security

From: Duffy, Thomas J. (thomas.duffy_at_ngc.com)
Date: 12/13/03

    Date: Fri, 12 Dec 2003 15:08:10 -0800
    To: Tru64-UNIX-Managers@ornl.gov
    
    

    Fellow System Managers:

    Many thanks go out to Eric Sisson for his assistance with this issue. To
    repeat the problem:

    We switched to using ENHANCED SECURITY for our Tru64 Version 5.1a host and
    were unable to complete an ftp login into the system which uses the
    Washington University FTP (version 2.6.2) server daemon application. Per
    notes in their FAQ, I attempted to rebuild to include enhanced security
    support but was still unable to complete an ftp login. I modified the
    Makefile.du4 and Makefile.dec makefiles to hopefully accomplish the changes,
    but I was unsuccessful in changing the behavior. Below are the relevant
    links:

    WUFTP Home Page: http://www.wu-ftpd.org
    Download location: http://www.landfield.com/wu-ftpd/wu-ftpd.org/wu-ftpd/wu-ftpd-2.6.2.tar.gz
    FAQ about security: http://www.wu-ftpd.org/wu-ftpd-faq.html#QA25

    The main advantage to this version of FTP is that we can control the guest
    user's view of the system. In other words, their home directory will appear
    as the root directory and they can't navigate outside their directory.

    Has anyone successfully built this version of FTP for a similar host?

    ============================================================================

    Eric's Response:

    I have built wu-ftpd-2.6.2 on a Tru64 5.0a system (a little earlier
    than yours) with Enhanced Security, and it is working. The following
    are items from my notes on the build process.

    - In this version of the package, the GNU configure process fails to
    detect C2 security in Tru64. Therefore, use the old build process,
    modifying file src/makefiles/Makefile.du4 as described within its
    comments.

    - The build process creates a link src/pathnames.h pointing to file
    src/pathnames.h.noac, which specifies paths to configuration and
    run-time files. Therefore, that file should be modified. However, to
    specify the paths we wanted, modifying file src/pathnames.h.in was
    simpler.

    - Attempt to compile src/logwtmp.c failed because symbols O_WRONLY
    and O_APPEND were not declared. They are declared in <sys/fcntl.h>,
    but compilation must specify -DHAVE_FCNTL_H to include this file.

    - Attempt to compile src/logwtmp.c generates warning message at an
    invocation of C library function time because the function expects a
    pointer value of type "int" but is supplied with an argument of type
    "long". Fix this by using function time64 instead.

    I made changes to "src/makefiles/Makefile.du4" as specified by the
    following diffs:

    32c32
    < IFLAGS = -I.. -I../support -Olimit 1000 -DVIRTUAL

    ---
    >  IFLAGS   = -I.. -I../support -Olimit 1000 -DVIRTUAL -DSECUREOSF 
    >-DHAVE_FCNTL_H
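
    Review bot: The replacement IFLAGS line is split in two here, with -DHAVE_FCNTL_H on a line of its own. In Makefile.du4 the assignment has to stay on one line (or the first line has to end with a backslash); otherwise -DHAVE_FCNTL_H is not part of IFLAGS and the undeclared O_WRONLY / O_APPEND errors in src/logwtmp.c are not fixed. A comment next to -DSECUREOSF saying it belongs with -lsecurity in LIBES would also help the next person who edits this file.
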
    37c37
    < LIBES    = -lsupport -lresolv
    ---
    >  LIBES    = -lsupport -lresolv -lsecurity

    I made changes to "src/logwtmp.c" as specified by the following diffs:

    195c195
    <	(void) time(&ut.ut_time);
    ---
    >	(void) time64(&ut.ut_time);
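
    Review bot: The call at line 195 is switched to time64 unconditionally, but time64 is not a standard C library function, so src/logwtmp.c now only compiles on platforms that provide it. Wrap the change in a platform #ifdef, or keep time() with a local time_t variable and assign its value to ut.ut_time, which removes the pointer-type warning without tying the file to one platform.
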

    I think these are the main points. I hope this proves helpful to
    you. Good luck.

    ========================================================================

    The steps above worked fine, but I did have a problem with pathnames.h
    because the paths specified in it were incompatible with the ones that
    were used when the original version (pre-enhanced security) was installed.
    Once I corrected that, it worked fine.
    Thanks.
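
The Makefile.du4 edits shown in the diffs above can be checked before starting a build. The following is an added example, not part of the original message or of the wu-ftpd distribution; the function name check_du4_makefile is an assumption, and it checks only for the three flags that appear in the diffs.

```shell
#!/bin/sh
# Added example: preflight check for the Makefile.du4 edits in this thread.
# Usage: check_du4_makefile src/makefiles/Makefile.du4
# Prints each problem found and returns the number of problems (0 = ready).
check_du4_makefile() {
    mf=$1
    problems=0
    # Join backslash-continued lines and turn tabs into spaces so that
    # each variable assignment sits on one logical line.
    joined=$(awk '{ if (sub(/\\$/, " ")) printf "%s", $0; else print }' "$mf" \
        | tr '\t' ' ')
    iflags=$(printf '%s\n' "$joined" | grep -E '^ *IFLAGS *=' | tail -n 1)
    libes=$(printf '%s\n' "$joined" | grep -E '^ *LIBES *=' | tail -n 1)

    # Both defines from the diff must be inside the IFLAGS assignment.
    for flag in -DSECUREOSF -DHAVE_FCNTL_H; do
        case " $iflags " in
            *" $flag "*) ;;
            *) echo "IFLAGS is missing $flag"; problems=$((problems + 1)) ;;
        esac
    done

    # The security library from the diff must be inside LIBES.
    case " $libes " in
        *" -lsecurity "*) ;;
        *) echo "LIBES is missing -lsecurity"; problems=$((problems + 1)) ;;
    esac

    # A -D flag alone at the start of a line is a mail-wrapped line that
    # was pasted literally; it belongs to no variable.
    if printf '%s\n' "$joined" | grep -Eq '^ *-D[A-Za-z_]'; then
        echo "orphan -D flag on its own line (missing backslash?)"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

A non-zero return value is the count of problems reported, so the function can gate a build script directly.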
    
