Oberon || Library || Module Index || Search Engine || Definition || Module

Ulm's Oberon Library:
FTPUnixFileSystems

NAME

FTPUnixFileSystems - present selected UNIX file hierarchy for FTP

SYNOPSIS

PROCEDURE AddHandler(session: FTPSessions.Session; root: ARRAY OF CHAR);
PROCEDURE PermitUploads(session: FTPSessions.Session);
PROCEDURE PermitUpdates(session: FTPSessions.Session);

DESCRIPTION

FTPUnixFileSystems provides a handler for FTPSessions that presents a selected file hierarchy of a UNIX file system for the FTP protocol.

AddHandler installs the support for following FTP commands in conformance to RFC 959 that allows to access the directory designated by root and all sub-directories thereof. A pseudo chroot jail on base of FTPUnixPaths is established that maps ``..'' of root to root and interpretes all symbolic links below root relative to root.

By default, read-only access is provided that may be extended by PermitUploads which allows non-destructive uploads that prohibit any changes of existing files and PermitUpdates that enables unrestricted access (inside the pseudo chroot jail).

Following FTP commands are handled:

FTPCommands.allo is responded by a short message that ALLO is obsolete.
FTPCommands.appe and FTPCommands.stor are supported, if permitted.
FTPCommands.cdup is equivalent to FTPCommands.cwd with an argument of ``..''.
FTPCommands.cwd changes the current directory of a FTP session (but not that of the server process).
FTPCommands.list and FTPCommands.nlst: Directory listings on base of FTPUnixDirLister.
FTPCommands.mdtm and FTPCommands.size: File attribute inquiries in conformance to ``Extensions to FTP'' by the FTPEXT Working Group of the IETF, see http://www.ietf.org/internet-drafts/draft-ietf-ftpext-mlst-12.txt.
FTPCommands.mkd and FTPCommands.rmd are supported, if permitted.
FTPCommands.mode: The only supported transfer mode is ``S'' (stream mode).
FTPCommands.pwd: Prints the current working directory as absolute path (beginning with ``/'') that is interpreted relative to root.
FTPCommands.rnfr and FTPCommands.rnto are supported in case of unrestricted write access (PermitUpdates).
FTPCommands.rest: File positions beside 0 are accepted in binary mode only.
FTPCommands.stru: The only supported file structure is ``F'' (text file).
FTPCommands.syst is answered with ``UNIX Type: L8''.
FTPCommands.type: The only accepted transfer types are ``A'', ``A N'' (ASCII mode with LF to CR-LF conversion or vice-versa), ``I'', and ``L 8'' (binary mode without conversions).
FTPCommands.xcup, FTPCommands.xcwd, FTPCommands.xmkd, FTPCommands.xpwd, FTPCommands.xrmd are supported in conformance to RFC 775 and equivalent to their counterparts of RFC 959.

DIAGNOSTICS

FTPUnixFileSystems does not generate error events on its own but relates all error events to session where they may be evaluated and logged later by FTPLoggers and FTPLogPrinter.

SECURITY CONSIDERATIONS

"/" should never be passed to root. This enables otherwise a large number of attacks on various devices in /dev or conflicts with other processes in directories like /tmp that are writable for everybody. In general, root should be restricted to private sub-directories where information leaks provide no security threat and uploaded files are not considered as executable files or program text without further checks. Even read-only accesses to home directories are to be considered as dangerous as they open access to otherwise secret informations like .ssh/identity (see ssh(1)). AddHandler, however, accepts anything as root.

All response texts generated by FTPUnixFileSystems avoid leakage of the path of root and detailed error messages that are directly derived from error events. Instead all pathnames are presented relative to root and standard error messages are given in case of failures. More informations may be taken from the logs.

The security considerations of FTPUnixDirLister and FTPUnixPaths apply.

BUGS

FTPCommands.stou is not yet implemented.

Edited by: borchert, last change: 2003/07/10, revision: 1.3, converted to HTML: 2003/07/10