Re: Ftpfs security hole particulary fixed

From: "Andrew V. Samoilov" <kai cmail ru>
To: Pavel Roskin <proski gnu org>
Cc: Midnight Commander Development Team <mc-devel gnome org>
Subject: Re: Ftpfs security hole particulary fixed
Date: Thu, 07 Feb 2002 11:56:02 +0200

Hello!

I tested MC on a few sites and found that it doesn't work onftp.netbsd.org. It shows the top-level directory, but show nothing in/pub. Here's the log:
PASV
227 Entering Passive Mode (204,152,184,75,238,199)
LIST -la /pub/.
150 Opening ASCII mode data connection for '/bin/ls'.
226 Transfer complete.
I think that "LIST -la /pub" would have chances to work on more systems.


Not at ftp.netbsd.org. Single way is "cd then ls" ;-(
Can you report this problem to NetBSD-ftpd developers?

MC before your patch doesn't work on ftp.netbsd.org at all. But youprobably didn't go far enough to eliminate all trailing dots.
 /* Trailing "/." is necessary if remote_path is a symlink
           but don't generate "//." */
Maybe trailing "/" is sufficient? Besides, ftp.netbsd.org/pub is not asymlink. Maybe the code isn't doing what the comment says?



It does, but I have not access to amiga ftp server.
Trailing "/." removed for Amiga server in translate(),
but remote_is_amiga ignored in dir_load().
BTW, why do you complain against "LIST -laL"?

References:
- Re: Ftpfs security hole particulary fixed
  - From: Pavel Roskin

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]