Date: Tue, 29 Aug 2000 12:00:58 -0400 From: thomas r stromberg <tstromberg@rtci.com> To: "Chris D. Faulhaber" <jedgar@fxp.org> Cc: freebsd-current@freebsd.org Subject: Re: Restricting ftpd commands (fwd) Message-ID: <20000829120058.A5419@rtci.com> In-Reply-To: <Pine.BSF.4.21.0008290704290.93377-100000@earth.causticlabs.com>; from jedgar@fxp.org on Tue, Aug 29, 2000 at 07:06:15AM -0400 References: <Pine.BSF.4.21.0008290704290.93377-100000@earth.causticlabs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--n8g4imXOkfNTN/H1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 29-Aug-2000, Chris D. Faulhaber popped this into my mailspool: > The following got no response on -security two weeks ago. Perhaps > -current will have more opinions. >=20 > ---------- Forwarded message ---------- >=20 > I have found quite a few commands that ftpd shouldn't necessarily be > responding to if the user hasn't logged in. In total, the following > commands are taught to not talk to strangers: TYPE, STRU, MODE, ALLO, > ABOR, SITE IDLE, SYST, REST. Many of these were obtained from OpenBSD. >=20 I'd like to see these get in myself -- I had no idea that SYST was available without login (not that 6.00LS doesn't advertise itself).. It appears that NetBSD also behaves this way. Makes sense to me in any case. Any reason why our banner still says 6.0 (wouldn't this make it 6.0.1?), and SYST still returns the original "BSD-199506", even though it definitely been changed in many significant ways since 1995? This has bugged me for years :) BTW, anyone ever notice that ftp.openbsd.org is (more then likely it just claims to be) SunOS 4.1? =20 --=20 thomas r. stromberg : tstromberg@rtci.com senior systems administrator, rtci : http://www.afterthought.org/ \( freebsd - turning doorstops into production webservers )/ --n8g4imXOkfNTN/H1 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.2 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE5q944oyBzPESpFVQRAt+BAJ90FdJh87LjijU9Pg9GRUv3L5aCMQCggTmX ef20TDwOL9p3mZJOV5UGDyY= =D1as -----END PGP SIGNATURE----- --n8g4imXOkfNTN/H1-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000829120058.A5419>