forcing FTP-uploaded files to be of certain types only
B.Candler at pobox.com
Tue Jul 18 12:55:53 UTC 2006
On Mon, Jul 17, 2006 at 01:06:01PM -0400, Mikhail Teterin wrote:
> How hard would it be to make the stock FreeBSD FTP-server to examine the
> first, say, 100Kb of the uploaded file and interrupt transfer if the file is
> of a prohibited or is not of an allowed type?
> Anything under 100Kb is fine, I guess, and 100Kb is more than enough to detect
> compression or lack thereof...
I think the first few bytes should be enough to tell you if it's a gzip,
pkzip or compress archive:

$ gzip -c -9 /etc/services | head -c64 | file -
/dev/stdin: gzip compressed data, was "services", from Unix, max compression
$ compress -c /etc/services | head -c64 | file -
/dev/stdin: compress'd data 16 bits
$ zip - /etc/services | head -c64 | file -
/dev/stdin: Zip archive data, at least v2.0 to extract

How wedded are you to FTP? If this was an HTTP 'PUT' then a simple CGI could
read in 100 bytes, check it is compressed (e.g. with libmagic), then copy
through the rest of the file. The result from the PUT can be an HTML page
saying "all OK" or "please compress your data first".
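
The check-then-copy flow suggested above, as an added example that is not part of the original message: it reads the first 100 bytes, tests them against the gzip, compress and zip magic numbers, and only then streams the rest to the destination. It uses fixed magic numbers instead of libmagic, and the function names (`read_exact`, `sniff`, `accept_upload`) are hypothetical.

```python
import io
import shutil

# Leading magic numbers for the three formats named in the message.
MAGIC = {
    b"\x1f\x8b": "gzip",
    b"\x1f\x9d": "compress",
    b"PK\x03\x04": "zip",
}
SNIFF_LEN = 100  # the message suggests reading about 100 bytes first


def read_exact(stream, n):
    """Read up to n bytes, tolerating short reads from pipes and sockets."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def sniff(head):
    """Return the archive type indicated by the leading bytes, or None."""
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return None


def accept_upload(src, dst):
    """Copy src to dst only if it starts like a compressed archive."""
    head = read_exact(src, SNIFF_LEN)
    kind = sniff(head)
    if kind is None:
        return False, "please compress your data first"  # nothing written
    dst.write(head)               # the sniffed bytes are part of the file
    shutil.copyfileobj(src, dst)  # stream the rest without buffering it all
    return True, "all OK (%s)" % kind


if __name__ == "__main__":
    # Constructed sample: a gzip-like header padded to SNIFF_LEN bytes.
    sample = io.BytesIO(b"\x1f\x8b\x08\x00" + b"\x00" * 96)
    print(accept_upload(sample, io.BytesIO()))
```

A matching header only shows that the upload begins like an archive; it does not prove the rest of the file is a valid one.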