From owner-freebsd-security Wed Aug 16 3:28:17 2000
Delivered-To: freebsd-security@freebsd.org
Received: from pawn.primelocation.net (pawn.primelocation.net [205.161.238.235]) by hub.freebsd.org (Postfix) with ESMTP id 16ED837BB73 for ; Wed, 16 Aug 2000 03:28:14 -0700 (PDT) (envelope-from jedgar@fxp.org)
Received: from earth (oca-c1s1-13.mfi.net [209.26.94.14]) by pawn.primelocation.net (Postfix) with ESMTP id 0A4B89B05 for ; Wed, 16 Aug 2000 06:28:11 -0400 (EDT)
Date: Wed, 16 Aug 2000 06:28:12 -0400 (EDT)
From: "Chris D. Faulhaber"
X-Sender: jedgar@earth.causticlabs.com
To: freebsd-security@FreeBSD.org
Subject: Restricting ftpd commands
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have found quite a few commands that ftpd shouldn't necessarily be
responding to if the user hasn't logged in. In total, the following
commands are taught to not talk to strangers:

TYPE, STRU, MODE, ALLO, ABOR, SITE IDLE, SYST, REST.

Many of these were obtained from OpenBSD. As a side note, OpenBSD
doesn't restrict many of the commands we already do.

See http://www.fxp.org/~jedgar/ftpcmd.y.diff for the diff.

-----
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
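
The pre-login restriction described in the message, as an added illustration; this is not the linked diff and not FreeBSD's ftpd source. The names `pre_login_gate` and `starts_with_cmd` are hypothetical, and the 530 reply (RFC 959 "Not logged in") is an assumption, since the message does not say which reply the patch sends.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Commands the message lists as refused before login. */
static const char *const login_required[] = {
    "TYPE", "STRU", "MODE", "ALLO", "ABOR", "SITE IDLE", "SYST", "REST"
};

/* Case-insensitive match of cmd at the start of line, ending on a word
 * boundary so that "TYPES" is not mistaken for "TYPE". */
static int starts_with_cmd(const char *line, const char *cmd)
{
    size_t n = strlen(cmd);

    if (strncasecmp(line, cmd, n) != 0)
        return 0;
    return line[n] == '\0' || line[n] == ' ' || line[n] == '\r' || line[n] == '\n';
}

/* Returns 530 (RFC 959 "Not logged in"; assumed reply) when a listed command
 * arrives on a session with no login, or 0 to pass it to the normal handler. */
int pre_login_gate(const char *line, int logged_in)
{
    size_t i;

    if (logged_in)
        return 0;
    for (i = 0; i < sizeof(login_required) / sizeof(login_required[0]); i++)
        if (starts_with_cmd(line, login_required[i]))
            return 530;
    return 0;
}

int main(void)
{
    /* Constructed control-channel lines, all sent before USER/PASS. */
    const char *lines[] = { "SYST\r\n", "site idle 900\r\n", "REST 100\r\n",
                            "SITE HELP\r\n", "USER anonymous\r\n" };
    size_t i;

    for (i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
        printf("%-3d <- %s", pre_login_gate(lines[i], 0), lines[i]);
    return 0;
}
```

Only the eight commands named in the message are gated here; `SITE HELP` and `USER` pass through because the message does not list them.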