From owner-freebsd-arch  Sat Mar 17 15:58:36 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from ohm.physics.purdue.edu (ohm.physics.purdue.edu [128.210.146.32])
	by hub.freebsd.org (Postfix) with ESMTP id A45F337B718
	for <arch@FreeBSD.org>; Sat, 17 Mar 2001 15:58:26 -0800 (PST)
	(envelope-from will@physics.purdue.edu)
Received: (from will@localhost)
	by ohm.physics.purdue.edu (8.11.2/8.9.3) id f2I01kR91050;
	Sat, 17 Mar 2001 19:01:46 -0500 (EST)
	(envelope-from will@physics.purdue.edu)
X-Authentication-Warning: ohm.physics.purdue.edu: will set sender to will@physics.purdue.edu using -f
Date: Sat, 17 Mar 2001 19:01:45 -0500
From: Will Andrews <will@physics.purdue.edu>
To: arch@FreeBSD.org
Cc: Luke Mewburn <lukem@wasabisystems.com>
Subject: Re: [PATCH] add a SITE MD5 command to ftpd
Message-ID: <20010317190145.K61859@ohm.physics.purdue.edu>
Reply-To: Will Andrews <will@physics.purdue.edu>
Mail-Followup-To: Will Andrews <will@physics.purdue.edu>,
	arch@FreeBSD.org, Luke Mewburn <lukem@wasabisystems.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="NLszGGfvVP7rUs9N"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-Operating-System: FreeBSD 4.2-STABLE i386
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


--NLszGGfvVP7rUs9N
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi -arch,

Luke Mewburn's reply on this issue.

Luke, check out the archive here:
http://docs.freebsd.org/cgi/mailindex.cgi?sort=3Ddate&file=3Dcurrent/freebs=
d-arch

I think your issues have probably already been hashed out.  So I'll not
say any more until you have a look at the archive.  Others may comment,
though.

----- Forwarded message from Luke Mewburn <lukem@wasabisystems.com> -----

Date: Sun, 18 Mar 2001 10:53:23 +1100
From: Luke Mewburn <lukem@wasabisystems.com>
To: Will Andrews <will@physics.purdue.edu>
Subject: Re: FW: [PATCH] add a SITE MD5 command to ftpd
User-Agent: Mutt/1.2.5i
Sender: lukem@limb.com.au

On Wed, Mar 14, 2001 at 03:49:19PM -0500, Will Andrews wrote:
> What do you think of this?  I'm forwarding in case you hadn't heard
> about ideas like this.  Some discussion that ensued indicated that this
> would be an excellent idea for mirroring purposes, among other things.
>=20
> Since FreeBSD is considering (and some have been working on patches
> towards) simply bringing in lukemftpd into FreeBSD's repository and
> using it as its ftpd, it would be nice to hear your opinion on this.

I think it's possibly a bit messy :-/. Also, NetBSD itself is moving
to newer digests (SHA1, RMD160), and I can see the explosion of
problems supporting multiple hashes from that point :/

Also, it's only useful if all the servers support it, and the majority
of your distfiles (except those you locally mirror on ftp.freebsd.org)
probably won't be on servers that support SITE MD5 anyway.

Sorry to seem so negative about the idea. I'm a bit conservative about
adding features like this without considering the `cleanest' and best
long-term solution.

Can you point me at a mail archive discussing this? Maybe my issues
will have been covered there already.


BTW: I've got a beta version of an auto-conf aware version of ftpd
available (aka lukemftpd :). This would allow an up-to-date ftpd
to be installed other systems (Solaris, Linux) as well as older
NetBSD/FreeBSD releases. I've even got the most recent DoS problem
solved in my source. I could make it available for testing to you if
you wanted to try it on old FreeBSD releases if you were interested.


> ----- Forwarded message from Peter Pentchev <roam@orbitel.bg> -----
>=20
> Date: Tue, 13 Mar 2001 21:15:44 +0200
> From: Peter Pentchev <roam@orbitel.bg>
> To: freebsd-arch@FreeBSD.ORG
> Subject: [PATCH] add a SITE MD5 command to ftpd
> User-Agent: Mutt/1.2.5i
> Sender: owner-freebsd-arch@FreeBSD.ORG
>=20
> Hi,
>=20
> A recent thread about Bill Fenner's distfiles-checking scripts
> set me thinking about easy detection of MD5 checksum mismatches.
> Bill Fenner pointed out that these checks are not done because
> of the sheer volume of the network traffic needed to download
> all the distfiles from all the distsites.
>=20
> I know that adding a ``SITE MD5 filename'' command to our ftpd
> is a *very* little step in a possibly wrong direction (this will
> not automagically make all the ftp daemons on all the distsites
> implement this command), but IMHO, it's a start..  I'm thinking
> of adding similar functionality to wu-ftpd and ProFTPd soon, and
> submitting patches to the authors, in the hope of starting a ball
> rolling :)
>=20
> G'luck,
> Peter
>=20
> --=20
> because I didn't think of a good beginning of it.
>=20
> Index: src/libexec/ftpd/ftpcmd.y
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> RCS file: /home/ncvs/src/libexec/ftpd/ftpcmd.y,v
> retrieving revision 1.21
> diff -u -r1.21 ftpcmd.y
> --- src/libexec/ftpd/ftpcmd.y	2001/02/19 21:51:26	1.21
> +++ src/libexec/ftpd/ftpcmd.y	2001/03/13 18:48:54
> @@ -58,6 +58,7 @@
>  #include <ctype.h>
>  #include <errno.h>
>  #include <glob.h>
> +#include <md5.h>
>  #include <netdb.h>
>  #include <pwd.h>
>  #include <setjmp.h>
> @@ -92,6 +93,7 @@
>  extern  char tmpline[];
>  extern	int readonly;
>  extern	int noepsv;
> +extern	int nomd5;
> =20
>  off_t	restart_point;
> =20
> @@ -126,7 +128,7 @@
>  	CDUP	STOU	SMNT	SYST	SIZE	MDTM
>  	LPRT	LPSV	EPRT	EPSV
> =20
> -	UMASK	IDLE	CHMOD
> +	UMASK	IDLE	CHMOD	MD5
> =20
>  	LEXERR
> =20
> @@ -648,6 +650,34 @@
>  				}
>  			}
>  		}
> +	| SITE SP check_login MD5 SP pathname CRLF
> +		{
> +			if ($3) {
> +				struct stat stbuf;
> +				char hash[33];
> +
> +				if (nomd5)
> +					reply(500,
> +					    "SITE MD5 command disabled",
> +					    $6);
> +				else if (stat($6, &stbuf) < 0)
> +			    		reply(550,
> +					    "%s: %s",
> +					    $6, strerror(errno));
> +				else if (!S_ISREG(stbuf.st_mode))
> +					reply(550,
> +					    "%s: not a plain file",
> +					    $6);
> +				else if (MD5File($6, hash) =3D=3D NULL)
> +					reply(550,
> +					    "%s: %s",
> +					    $6, strerror(errno));
> +				else
> +					reply(200,
> +					    "MD5 %s %s",
> +					    hash, $6);
> +			}
> +		}
>  	| STOU check_login_ro SP pathname CRLF
>  		{
>  			if ($2 && $4 !=3D NULL)
> @@ -1088,6 +1118,7 @@
>  	{ "IDLE", IDLE, ARGS, 1,	"[ <sp> maximum-idle-time ]" },
>  	{ "CHMOD", CHMOD, NSTR, 1,	"<sp> mode <sp> file-name" },
>  	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
> +	{ "MD5", MD5, STR1, 1,		"<sp> file-name" },
>  	{ NULL,   0,    0,    0,	0 }
>  };
> =20
> Index: src/libexec/ftpd/ftpd.8
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> RCS file: /home/ncvs/src/libexec/ftpd/ftpd.8,v
> retrieving revision 1.36
> diff -u -r1.36 ftpd.8
> --- src/libexec/ftpd/ftpd.8	2000/12/18 08:33:25	1.36
> +++ src/libexec/ftpd/ftpd.8	2001/03/13 18:48:54
> @@ -42,6 +42,7 @@
>  .Sh SYNOPSIS
>  .Nm
>  .Op Fl 4
> +.Op Fl 5
>  .Op Fl 6
>  .Op Fl d
>  .Op Fl l Op Fl l
> @@ -153,6 +154,10 @@
>  When
>  .Fl 6
>  is not specified, accept IPv4 connection via AF_INET socket.
> +.It Fl 5
> +Disable the SITE MD5 command.
> +This is useful for preventing possible denial of service attacks,
> +especially on servers allowing anonymous ftp access.
>  .It Fl A
>  Allow only anonymous ftp access.
>  .It Fl r
> Index: src/libexec/ftpd/ftpd.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v
> retrieving revision 1.73
> diff -u -r1.73 ftpd.c
> --- src/libexec/ftpd/ftpd.c	2001/03/11 13:20:44	1.73
> +++ src/libexec/ftpd/ftpd.c	2001/03/13 18:48:56
> @@ -150,6 +150,7 @@
>  int	pdata =3D -1;		/* for passive mode */
>  int	readonly=3D0;		/* Server is in readonly mode.	*/
>  int	noepsv=3D0;		/* EPSV command is disabled.	*/
> +int	nomd5=3D0;		/* SITE MD5 command is disabled.	*/
>  sig_atomic_t transflag;
>  off_t	file_size;
>  off_t	byte_count;
> @@ -292,7 +293,7 @@
>  #endif /* OLD_SETPROCTITLE */
> =20
> =20
> -	while ((ch =3D getopt(argc, argv, "AdlDESURrt:T:u:va:p:46")) !=3D -1) {
> +	while ((ch =3D getopt(argc, argv, "AdlDESURrt:T:u:va:p:456")) !=3D -1) {
>  		switch (ch) {
>  		case 'D':
>  			daemon_mode++;
> @@ -369,6 +370,10 @@
>  			enable_v4 =3D 1;
>  			if (family =3D=3D AF_UNSPEC)
>  				family =3D AF_INET;
> +			break;
> +
> +		case '5':
> +			nomd5 =3D 1;
>  			break;
> =20
>  		case '6':
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-arch" in the body of the message
>=20
> ----- End forwarded message -----
>=20
> --=20
> wca



--=20
Luke Mewburn  <lukem@wasabisystems.com>  http://www.wasabisystems.com
Luke Mewburn     <lukem@netbsd.org>      http://www.netbsd.org
Wasabi Systems - providing NetBSD sales, support and service.

----- End forwarded message -----

--=20
wca

--NLszGGfvVP7rUs9N
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6s/rpF47idPgWcsURAq36AKCFfiLIv48V0+CtJhjauEvJqmgS8gCfY7Du
myKxnMEwbDe9+S4CG4r+jnM=
=VbYw
-----END PGP SIGNATURE-----

--NLszGGfvVP7rUs9N--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message