From owner-freebsd-hackers Sat Jan 19 13: 2:14 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mass.dis.org (dhcp45-21.dis.org [216.240.45.21]) by hub.freebsd.org (Postfix) with ESMTP id 7F1E537B42F for ; Sat, 19 Jan 2002 13:01:57 -0800 (PST) Received: from mass.dis.org (localhost [127.0.0.1]) by mass.dis.org (8.11.6/8.11.6) with ESMTP id g0JL2Op01400; Sat, 19 Jan 2002 13:02:24 -0800 (PST) (envelope-from msmith@mass.dis.org) Message-Id: <200201192102.g0JL2Op01400@mass.dis.org> X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: Matthew Dillon Cc: Aaron Smith , freebsd-hackers@FreeBSD.ORG Subject: Re: ftpd patch that saves me a lot of hassle In-reply-to: Your message of "Sat, 19 Jan 2002 12:55:29 PST." <200201192055.g0JKtT151813@apollo.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 19 Jan 2002 13:02:24 -0800 From: Michael Smith Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Use isprint() on the entire string; this will give the desired result in most cases. It should probably be optional (defaulting to on, since it's a security measure). > What? You don't like directories named '...w^Ha^Hr^He^Hz^H^H^H' ? > > I like it, but there are a few problems. What about underscore? And > will this mess up people using ftp outside the U.S.? > > -Matt > Matthew Dillon > > > > :I got sick of (presumably) warez people probing my anonymous ftp site and > :dropping all kinds of hard-to-delete trash in incoming, so I patched my > :ftpd to only allow directories to start with alphanumerics. There's > :probably a better solution, but this works for me so I figure'd I'd share. > : > :Combining this with a umask that doesn't allow reading uploaded files keeps > :things reasonably well in hand. > : > :--Aaron > : > : > :Index: ftpd.c > :=================================================================== > :RCS file: /usr/cvs/src/libexec/ftpd/ftpd.c,v > :retrieving revision 1.62.2.15 > :diff -u -r1.62.2.15 ftpd.c > :--- ftpd.c 2001/12/18 18:35:55 1.62.2.15 > :+++ ftpd.c 2002/01/19 09:47:42 > :@@ -2216,6 +2216,12 @@ > : { > : > : LOGCMD("mkdir", name); > :+ > :+ if (!isalnum(*name)) { > :+ reply(521, "Bite me."); > :+ return; > :+ } > :+ > : if (mkdir(name, 0777) < 0) > : perror_reply(550, name); > : else > : > :To Unsubscribe: send mail to majordomo@FreeBSD.org > :with "unsubscribe freebsd-hackers" in the body of the message > : > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message