From owner-freebsd-stable Sun Mar 18 12:33: 5 2001 Delivered-To: freebsd-stable@freebsd.org Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67]) by hub.freebsd.org (Postfix) with ESMTP id 9E58837B719 for ; Sun, 18 Mar 2001 12:33:01 -0800 (PST) (envelope-from dillon@earth.backplane.com) Received: (from dillon@localhost) by earth.backplane.com (8.11.2/8.9.3) id f2IKVt201726; Sun, 18 Mar 2001 12:31:55 -0800 (PST) (envelope-from dillon) Date: Sun, 18 Mar 2001 12:31:55 -0800 (PST) From: Matt Dillon Message-Id: <200103182031.f2IKVt201726@earth.backplane.com> To: Cy Schubert - ITSD Open Systems Group Cc: Jonathan Lemon , stable@FreeBSD.ORG Subject: Re: Not only ftpd's problem with ls */../*..... References: <200103181611.f2IGBf894065@cwsys.cwsent.com> Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Ultimately the only thing I care about is that we not arbitrarily limit a global libc function by default, so I don't care which solution is adopted (api call, structural flag/field, resource limit) as long as the default for glob() is left unlimited. There are advantages and disadvantages to using the datasize resource limit or an API call / structural field inside ftpd to limit the glob function. The biggest advantage of the datasize resource limit is that it is under the ultimate control of the sysad and requires no changes to the system at all (other then backing out the glob commit). The disadvantage is that our current installworld process will not update inetd.conf autoamtically, so most of our target audience won't get the fix. The advantage of an API call / structure field is that we can build a reasonable limit into ftpd (and only ftpd), so our target audience gets the fix as the default, but now we have to provide an additional option to ftpd to set (or entirely remove) the limit to give sysads the ability to adjust it. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message