[Bug 1276144] [NEW] Pure-ftpd overwrite protection does not work if resume is used

Nicolas Le Bihan Tue, 04 Feb 2014 05:16:55 -0800

Public bug reported:

Hi,


It seems that there is a bug about the overwrite protection.

Server is :
Distributor ID: Ubuntu
Description:    Ubuntu 12.04.4 LTS
Release:        12.04
Codename:       precise


Pure-Ftpd installed is :
rc  pure-ftpd                         1.0.35-1                          Secure 
and efficient FTP server
ii  pure-ftpd-common                  1.0.35-1                          
Pure-FTPd FTP server (Common Files)
ii  pure-ftpd-ldap                    1.0.35-1                          Secure 
and efficient FTP server with LDAP user authentication


Options are :
AltLog  clf:/var/log/pure-ftpd/transfer.log
AnonymousCantUpload     yes
AntiWarez       yes
AutoRename      yes
CreateHomeDir   yes
Daemonize       yes
DisplayDotFiles no
DontResolve     yes
FortunesFile    /etc/pure-ftpd/conf/.banner
FSCharset       UTF-8
IPV4Only        yes
KeepAllFiles    yes
LDAPConfigFile  /etc/pure-ftpd/db/ldap.conf
MinUID  1000
NoAnonymous     no
NoChmod yes
NoRename        yes
PAMAuthentication       no
PassivePortRange        1 000 010 600
ProhibitDotFilesRead    yes
ProhibitDotFilesWrite   yes
PureDB  /etc/pure-ftpd/pureftpd.pdb
TLS     3
Umask   337 337
UnixAuthentication      no
VerboseLog      yes


                Virtual users are chrooted :
test1:$1$hzsp30D0$bknAXCxCr1xL78SwaROOU1:1002:1001::/ftp/./test1/./::::::::::::
                It system account is :
vi /etc/passwd
ftptest1:x:1002:1001::/dev/null:/etc


Client is using :
Filezilla 3.7.3 within Windows 7.


PROBLEM

For our business with partners, we have to protect data uploaded because no 
modifications have to be done once released on binaries.
So deleting is not permitted, rewrite also in order to protect original data. 
Rights are also modified once uploaded (see umask 337 337)…
All works fine until the following :

If you upload the same file again (account test1), and choose « resume » within 
Filezilla,  you first got a critical error BUT the file is deleted.
Then you’re able to upload a file with same name and we are in fault regarding 
the protection of original data uploaded…

Let me know if you need more details…

** Affects: pure-ftpd (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: overwrite pure-ftpd

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1276144

Title:
  Pure-ftpd overwrite protection does not work if resume is used

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pure-ftpd/+bug/1276144/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1276144] [NEW] Pure-ftpd overwrite protection does not work if resume is used

Reply via email to