LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 01-07-2004, 07:49 PM   #1
Renaxgade
LQ Newbie
 
Registered: Oct 2003
Posts: 18

Rep: Reputation: 0
Is there any way to do this?


Is there any possible way to limit the contents of a folder to jpeg and gif extensions only? I am hosting an ftp folder for some kids, don't want them doing anything stupid or uploading scripts. I am using ProFTP, so is there a way to make sure or restrict to anything but gif's, or jpeg's being uploaded? TIA.
 
Old 01-07-2004, 08:44 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
And if you could they'd rename it :}

megagame_hack.exe.gif


;)



Cheers,
Tink
 
Old 01-07-2004, 08:46 PM   #3
Renaxgade
LQ Newbie
 
Registered: Oct 2003
Posts: 18

Original Poster
Rep: Reputation: 0
So are you saying you cannot? If they upload exe.gif, it would work as a gif and not an executable right?
 
Old 01-07-2004, 09:17 PM   #4
nrunge
Member
 
Registered: Oct 2003
Distribution: Debian Woody (2.4.22)
Posts: 182

Rep: Reputation: 30
He is saying that that it doesnt matter if you could. File extensions dont really mean anything, they are just for personal organization. I could upload "xxxpron.mpeg.gif" and if I play the file "xxxpron.mpeg.gif" with xine or mpplayer the video would play regardless of the file extension. Or on your server they could upload "superftphax0r.exe.gif" and run it as an executable.
 
Old 01-07-2004, 09:45 PM   #5
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Quote:
Originally posted by Renaxgade
So are you saying you cannot? If they upload exe.gif, it would work as a gif and not an executable right?
What I was saying is that you can't assume it's
what it says it is. That is, to be MORE safe (there's
always a way around if you're evil, or curious,or
bored) the ftp-daemon would have to run e.g. file against a
file once it's uploaded to determine what it REALLY
is, and delete it if it's something that you don't want.

I don't think that something like
PathAllowFilter
(Config statement for Proftpd) will do anything
but checking the file-name which isn't good enough
if the kids aren't completely dumb trolls.

I'm not quite sure what your concern is, though.
Do you not want the kids to "trade" certain things,
or are you afraid they might compromise your machine?



Cheers,
Tink
 
Old 01-07-2004, 09:55 PM   #6
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
You could set up a cron job that would run the file command against every uploaded file in the directory. A good start to pick out non-gif and non-jpg files would be:
file * | grep -v "GIF image" | grep -v "JPEG image" | cut -d: -f1

Of course, this is a very simple test and it's not foolproof but its a start.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 02:07 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration