From owner-freebsd-security Sat Jan 13 23:57:35 2001
Delivered-To: freebsd-security@freebsd.org
Received: from spammie.svbug.com (unknown [198.79.110.2])
	by hub.freebsd.org (Postfix) with ESMTP
	id 1943937B400; Sat, 13 Jan 2001 23:57:14 -0800 (PST)
Received: from spammie.svbug.com (localhost.mozie.org [127.0.0.1])
	by spammie.svbug.com (8.9.3/8.9.3) with ESMTP id XAA00669;
	Sat, 13 Jan 2001 23:55:01 -0800 (PST)
	(envelope-from jessem@spammie.svbug.com)
Message-Id: <200101140755.XAA00669@spammie.svbug.com>
Date: Sat, 13 Jan 2001 23:54:59 -0800 (PST)
From: opentrax@email.com
Reply-To: opentrax@email.com
Subject: Re: Proposed modification to ftpd
To: fschapachnik@vianetworks.com.ar
Cc: imp@bsdimp.com, roman@xpert.com, security@FreeBSD.ORG, audit@FreeBSD.ORG
In-Reply-To: <200101030016.VAA49573@ns1.via-net-works.net.ar>
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8BIT
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

No follow-ups to this please.

On 2 Jan, Fernando Schapachnik wrote:
> In a previous message, Warner Losh wrote:
>> In message <200101021500.MAA18599@ns1.via-net-works.net.ar> Fernando Schapachnik writes:
>> : In the patch I made "/./" is an easily changeable #define.
>>
>> Maybe I missed the pointer to it, but can you post a pointer to your
>> patch for review? Audit@ might be a good list to cc it to as well.
>
> I did in my first post, but here it goes again: PR bin/23944. I also
> submitted a follow up that for some reason can't be seen through the
> web interface which adds checks for strdup result values that are
> missing in the first patch.
>

I'm stating for the record that I don't believe this option is useful
or needed. The author's intent is to emulate wuftpd. My argument is
that people should use wuftpd if they want that feature. Nothing
suggests that this won't add new security issues. I believe it will.
I remind those reading that Linux has had many security issues, just
because of this type of feature-itis.

I recommend against this. Warner Losh states he believes it is useful.
This issue now passes to those who will review it. If you feel this is
also a bad idea, write me and I'll help gather evidence against this.
If you feel this is a good idea and should be implemented, it is upon
you to decide its next course of action.

Lastly, if you feel like telling me I'm wrong, don't bother - just do
what you will with this code.

best regards,
Jessem.