Date:      Thu, 21 Dec 2000 08:58:24 -0500
From:      Chris Faulhaber <jedgar@fxp.org>
To:        audit@freebsd.org
Subject:   Re: Heads Up need to audit the NetBSD ftpd code
Message-ID:  <20001221085824.A19639@earth.causticlabs.com>
In-Reply-To: <20001220181314.D12671@dragon.nuxi.com>; from obrien@freebsd.org on Wed, Dec 20, 2000 at 06:13:14PM -0800
References:  <20001220181314.D12671@dragon.nuxi.com>

On Wed, Dec 20, 2000 at 06:13:14PM -0800, David O'Brien wrote:
> I intend to import the NetBSD ftpd code in the near-term future.  It
> has much more functionality than ours -- on par with having the most useful
> features of wu-ftpd.  And many feel it is a better code base with fewer
> bugs (especially ones that can be security vulnerabilities).
> 
> However, before I import it, Warner Losh thought it should be brought up
> for review.
> 
> So please have at
> ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-current/src/libexec/ftpd/
> 

Am I too paranoid in requesting that STAT and SYST only be available to
users who are logged in?

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org

Index: ftpcmd.y
===================================================================
RCS file: /cvsroot/basesrc/libexec/ftpd/ftpcmd.y,v
retrieving revision 1.48.2.1
diff -u -r1.48.2.1 ftpcmd.y
--- ftpcmd.y	2000/07/25 08:38:38	1.48.2.1
+++ ftpcmd.y	2000/12/21 13:25:32
@@ -736,7 +736,7 @@
 			}
 		}
 
-	| SYST CRLF
+	| SYST check_login CRLF
 		{
 			if (EMPTYSTR(version))
 				reply(215, "UNIX Type: L%d", NBBY);
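Review bot: In the `SYST check_login CRLF` rule the action still opens directly with `if (EMPTYSTR(version))` and never tests `$2`, so adding the nonterminal by itself may not withhold the 215 reply. If `check_login` reports the login state through its semantic value rather than stopping the parse, a client that has not logged in would receive the login-required error and then the system type anyway. Wrap the action body in `if ($2) { ... }` so the `reply(215, ...)` calls only run for an authenticated session.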
@@ -753,7 +753,7 @@
 				free($4);
 		}
 		
-	| STAT CRLF
+	| STAT check_login CRLF
 		{
 			statcmd();
 		}
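Review bot: `statcmd();` under `STAT check_login CRLF` is called unconditionally and needs an `if ($2)` guard, otherwise the server status is still sent when `check_login` reports that the user is not logged in. The `free($4);` context line above sits in the preceding rule's action, so this change does not shift any positional references there. The diff covers only ftpcmd.y; if the manual page or help text describes which commands work before login, it should be updated in the same change.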

