Puzzle for October 25, 2006

One well-known institution has a world-writable ftp subdirectory to allow outsiders to deposit items there for internal users, who may retrieve the items. This directory is cleaned periodically by a privileged daemon that deletes all files in that directory.

  1. What are some problems with allowing outsiders to drop files off in an ftp area?
  2. Does the solution adopted (using a privileged command to delete all the files in the directory) overcome these problems?

You can also obtain a PDF version of this. Version of October 24, 2006 at 9:26 PM