Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 13 Jan 2001 23:54:59 -0800 (PST)
From:      opentrax@email.com
To:        fschapachnik@vianetworks.com.ar
Cc:        imp@bsdimp.com, roman@xpert.com, security@FreeBSD.ORG, audit@FreeBSD.ORG
Subject:   Re: Proposed modification to ftpd
Message-ID:  <200101140755.XAA00669@spammie.svbug.com>
In-Reply-To: <200101030016.VAA49573@ns1.via-net-works.net.ar>

next in thread | previous in thread | raw e-mail | index | archive | help
No follow-ups to this please.	

On  2 Jan, Fernando Schapachnik wrote:
> En un mensaje anterior, Warner Losh escribió:
>> In message <200101021500.MAA18599@ns1.via-net-works.net.ar> Fernando Schapachnik writes:
>> : In the patch I made "/./" is an easely changeable #define.
>> 
>> Maybe I missed the pointer to it, but can you post a pointer to your
>> patch for review?  Audit@ might be a good list to cc it to as well.
> 
> I did in my first post, but here it goes again: PR bin/23944. I also
> submitted a follow up that for some reason can't be seen through the
> web interface which add checks for strdup result values that are
> missing in the first patch.
> 
I'm stating for the record, that I don't believe this 
option is useful or needed. The authors intent is to
emulate wuftpd. My arguement is that people should use
wuftpd, if they want hat feature. 

Nothing suggest that this won't add new security issues.
I beleive it will. I remind those reading that Linux has
had many security issues, just because of this type of
feature-itise. 

I recommend against this. Warner Losh states he believes
it is useful. This issue now passes to those who will
review it. If you feel this is also a bad idea, write me
I'll help gather evidence against this. If you feel this
is a good idea and should be implemented, it is upon
you to decide it's next course of action.

Lastly, if you feel like telling me I'm wrong, don't bother
- just do what you will with this code.

				best regards,
				Jessem.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101140755.XAA00669>