SUMMARY: wuftp with enhanced security

From: Duffy, Thomas J. (thomas.duffy@ngc.com)
Date: Fri Dec 12 2003 - 18:08:10 EST


Fellow System Managers:

Many thanks go out to Eric Sisson for his assistance with this issue. To
repeat the problem:

We switched to using ENHANCED SECURITY for our Tru64 Version 5.1a host and
were unable to complete an ftp login into the system which uses the
Washington University FTP (version 2.6.2) server daemon application. Per
notes in their FAQ, I attempted to rebuild to include enhanced security
support but was still unable to complete an ftp login. I modified the
Makefile.du4 and Makefile.dec makefiles to hopefully accomplish the changes,
but I was unsuccessful in changing the behavior. Below are the relevant links:

WUFTP Home Page: http://www.wu-ftpd.org
Download location: http://www.landfield.com/wu-ftpd/wu-ftpd.org/wu-ftpd/wu-ftpd-2.6.2.tar.gz
FAQ about security: http://www.wu-ftpd.org/wu-ftpd-faq.html#QA25

The main advantage to this version of FTP is that we can control the guest
user's view of the system. In other words, their home directory will appear
as the root directory and they can't navigate outside their directory.

Has anyone successfully built this version of FTP for a similar host?

============================================================================

Eric's Response:

I have built wu-ftpd-2.6.2 on a Tru64 5.0a system (a little earlier
than yours) with Enhanced Security, and it is working. The following
are items from my notes on the build process.

- In this version of the package, the GNU configure process fails to
detect C2 security in Tru64. Therefore, use the old build process,
modifying file src/makefiles/Makefile.du4 as described within its
comments.

- The build process creates a link src/pathnames.h pointing to file
src/pathnames.h.noac, which specifies paths to configuration and
run-time files. Therefore, that file should be modified. However, to
specify the paths we wanted, modifying file src/pathnames.h.in was
simpler.

- Attempt to compile src/logwtmp.c failed because symbols O_WRONLY
and O_APPEND were not declared. They are declared in <sys/fcntl.h>,
but compilation must specify -DHAVE_FCNTL_H to include this file.

- Attempt to compile src/logwtmp.c generates warning message at an
invocation of C library function time because the function expects a
pointer value of type "int" but is supplied with an argument of type
"long". Fix this by using function time64 instead.

I made changes to "src/makefiles/Makefile.du4" as specified by the
following diffs:

32c32
< IFLAGS = -I.. -I../support -Olimit 1000 -DVIRTUAL

---
>  IFLAGS   = -I.. -I../support -Olimit 1000 -DVIRTUAL -DSECUREOSF 
>-DHAVE_FCNTL_H
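Review bot: on the new IFLAGS line at 32, -DHAVE_FCNTL_H sits on its own line after -DSECUREOSF with no continuation backslash. In the Makefile it has to be on the same line as the IFLAGS assignment (or that line has to end with a backslash), otherwise make will not treat it as part of IFLAGS and src/logwtmp.c will still be compiled without <sys/fcntl.h>. A short comment beside the two new defines saying which one enables Enhanced Security and which one works around the O_WRONLY/O_APPEND failure would help the next person who rebuilds.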
37c37
< LIBES    = -lsupport -lresolv
---
>  LIBES    = -lsupport -lresolv -lsecurity
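Review bot: the -lsecurity added to LIBES at line 37 only makes sense together with -DSECUREOSF, which is set in a different variable at line 32, so the two can drift apart on a later edit. Add a comment on this line tying it to SECUREOSF, or keep both settings in one commented block, so that removing one without the other is not an easy mistake.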

I made changes to "src/logwtmp.c" as specified by the following diffs:

195c195
<	(void) time(&ut.ut_time);
---
>	(void) time64(&ut.ut_time);
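Review bot: the call at line 195 replaces time with time64 unconditionally, with no platform guard, in a source file that is not specific to this makefile. Since the warning being fixed is a pointer type mismatch between what time expects and the type of ut.ut_time, consider wrapping the time64 call in an #ifdef for this platform, or calling time into a local of the type it expects and assigning the result to ut.ut_time, so the file still compiles where time64 is not declared.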

I think these are the main points. I hope this proves helpful to you.
Good luck.

========================================================================

The steps above worked fine, but I did have a problem with pathnames.h
because the paths specified in it were incompatible with the ones that
were used when the original version (pre-enhanced security) was installed.
Once I corrected that, it worked fine.

Thanks.

