Date: Wed, 16 Aug 2000 06:28:12 -0400 (EDT) From: "Chris D. Faulhaber" <jedgar@fxp.org> To: freebsd-security@FreeBSD.org Subject: Restricting ftpd commands Message-ID: <Pine.BSF.4.21.0008152038470.49740-100000@earth.causticlabs.com>
next in thread | raw e-mail | index | archive | help
I have found quite a few commands that ftpd shouldn't necessarily be responding to if the user hasn't logged in. In total, the following commands are taught to not talk to strangers: TYPE, STRU, MODE, ALLO, ABOR, SITE IDLE, SYST, REST. Many of these were obtained from OpenBSD. As a side note, OpenBSD doesn't restrict many of the command we already do. See http://www.fxp.org/~jedgar/ftpcmd.y.diff for the diff. ----- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0008152038470.49740-100000>