Date: Wed, 14 Mar 2001 18:56:01 -0800 (PST) From: Matt Dillon <dillon@earth.backplane.com> To: "David O'Brien" <TrimYourCc@NUXI.com>, Brooks Davis <brooks@one-eyed-alien.net>, freebsd-arch@FreeBSD.ORG Subject: Re: [PATCH] add a SITE MD5 command to ftpd Message-ID: <200103150256.f2F2u1b37896@earth.backplane.com> References: <20010314084651.A23104@ringworld.oblivion.bg> <200103142342.QAA09233@usr08.primenet.com> <20010314161555.A4984@Odin.AC.HMC.Edu> <20010314185026.C7683@dragon.nuxi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Doesn't SITE MD5 introduce a race condition? What if someone does
a SITE MD5 and someone else then renames or modifies the file before
the first person proceeds to download it?
Also, why bother doing an MD5 on the remote site if 99.9% of the time
you are going to get a match and download the file anyway? You might
as well download it first. Or perhaps simply check the size of the file
for a match (e.g. enhance ports to include the file size to check against
in addition to the MD5), then download it, then do the MD5 on the
local box.
I just don't see much point in adding a command to FTP that isn't going
to be generally useful and has security holes in it to boot.
-Matt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103150256.f2F2u1b37896>