Bug 20993

Summary: many ftpd commands not limited to logins
Product: Base System Reporter: jedgar <jedgar>
Component: binAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.1-STABLE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description jedgar 2000-09-02 12:20:03 UTC 
	many ftpd commands are not limited to users who are logged in.  The
	following patch teaches TYPE, STRU, MODE, ALLO, STAT, ABOR, SITE IDLE,
	SYST, and REST not to talk to strangers.

How-To-Repeat: 
	Issue a SYST command when connected but not logged in
Comment 1 Sheldon Hearn 2000-09-05 12:36:43 UTC 
On Sat, 02 Sep 2000 07:18:00 -0400, jedgar@fxp.org wrote:

> >Number:         20993
> >Category:       bin
> >Synopsis:       many ftpd commands not limited to logins

This would need to spend a _long_ time in CURRENT before being merged
into RELENG_4.

Ciao,
Sheldon.
Comment 2 jedgar 2000-09-05 12:43:21 UTC 
On Tue, 5 Sep 2000, Sheldon Hearn wrote:

> On Sat, 02 Sep 2000 07:18:00 -0400, jedgar@fxp.org wrote:
> 
> > >Number:         20993
> > >Category:       bin
> > >Synopsis:       many ftpd commands not limited to logins
> 
> This would need to spend a _long_ time in CURRENT before being merged
> into RELENG_4.
> 

Ummm, ok.  The changes are quite trivial, though.

-----
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org
Comment 3 Sheldon Hearn 2000-09-05 12:56:20 UTC 
On Tue, 05 Sep 2000 07:43:21 -0400, "Chris D. Faulhaber" wrote:

> > This would need to spend a _long_ time in CURRENT before being merged
> > into RELENG_4.
> > 
> 
> Ummm, ok.  The changes are quite trivial, though.

The deltas are small and simple, but the potential impact is not
trivial.  How much time have you spent investigating what this will do
to various software packages that rely on the current behaviour?

I realize that several other FTP daemons behave as you propose that ours
should.  I just don't think that we should rush the merge into STABLE,
especially since this doesn't seem to fix any glaring security holes.

Ciao,
Sheldon.
Comment 4 jedgar 2000-09-05 13:30:16 UTC 
On Tue, 5 Sep 2000, Sheldon Hearn wrote:

> 
> 
> On Tue, 05 Sep 2000 07:43:21 -0400, "Chris D. Faulhaber" wrote:
> 
> > > This would need to spend a _long_ time in CURRENT before being merged
> > > into RELENG_4.
> > > 
> > 
> > Ummm, ok.  The changes are quite trivial, though.
> 
> The deltas are small and simple, but the potential impact is not
> trivial.  How much time have you spent investigating what this will do
> to various software packages that rely on the current behaviour?
> 
> I realize that several other FTP daemons behave as you propose that ours
> should.  I just don't think that we should rush the merge into STABLE,
> especially since this doesn't seem to fix any glaring security holes.
> 

a) none of the commands affected should be used if a user is not logged
in, and the patch does not change the behaviour of commands once a user is
authenticated
b) all changes were taken from OpenBSD
c) we currently allow the SYST command to be issued to anyone who connects
(comments about which prompted me to make these changes), which some may
not realize (and others may view as a security concern)
d) Works Here[tm] (ok, lame excuse)
e) if these changes are unwanted, I'll gladly close the PR and save the
gnats bloat.

-----
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org
Comment 5 Sheldon Hearn 2000-09-05 13:46:19 UTC 
On Tue, 05 Sep 2000 08:30:16 -0400, "Chris D. Faulhaber" wrote:

> e) if these changes are unwanted, I'll gladly close the PR and save the
> gnats bloat.

I think the change is desirable.  All I said (third time lucky) is that
we should give this a while to settle in CURRENT before merging it into
STABLE. :-)

Ciao,
Sheldon.
Comment 6 Sheldon Hearn 2000-09-12 14:56:40 UTC 
On Tue, 05 Sep 2000 08:30:16 -0400, "Chris D. Faulhaber" wrote:

> a) none of the commands affected should be used if a user is not logged
> in, and the patch does not change the behaviour of commands once a user is
> authenticated
> b) all changes were taken from OpenBSD
> c) we currently allow the SYST command to be issued to anyone who connects
> (comments about which prompted me to make these changes), which some may
> not realize (and others may view as a security concern)
> d) Works Here[tm] (ok, lame excuse)
> e) if these changes are unwanted, I'll gladly close the PR and save the
> gnats bloat.

I say go ahead and commit it.  The only thing I could spot that would
get you into trouble with the style police is the splitting into two
strings of the following string:

	"Maximum IDLE time must be between 30 and %d seconds"

I'd leave that alone and let it run over the 80 character limit.

Ciao,
Sheldon.
Comment 7 Sheldon Hearn freebsd_committer freebsd_triage 2000-09-12 14:56:46 UTC 
Responsible Changed
From-To: freebsd-bugs->jedgar

Over to the committer himself.
Comment 8 Chris D.Faulhaber freebsd_committer freebsd_triage 2000-09-30 13:35:26 UTC 
Responsible Changed
From-To: jedgar->freebsd-bugs

I am not a -src guy
Comment 9 Chris D.Faulhaber freebsd_committer freebsd_triage 2001-01-20 01:35:15 UTC 
State Changed
From-To: open->closed

Committed, thanks!