From owner-freebsd-questions  Thu Aug 16  0:26:57 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net [207.217.120.22])
	by hub.freebsd.org (Postfix) with ESMTP
	id D498537B40F; Thu, 16 Aug 2001 00:26:51 -0700 (PDT)
	(envelope-from cjc@earthlink.net)
Received: from blossom.cjclark.org (dialup-209.247.138.252.Dial1.SanJose1.Level3.net [209.247.138.252])
	by hawk.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id AAA18839;
	Thu, 16 Aug 2001 00:26:48 -0700 (PDT)
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.4/8.11.3) id f7G7QjR03056;
	Thu, 16 Aug 2001 00:26:45 -0700 (PDT)
	(envelope-from cjc)
Date: Thu, 16 Aug 2001 00:26:45 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Ted Mittelstaedt <tedm@toybox.placo.com>
Cc: Ruslan Ermilov <ru@FreeBSD.ORG>, Greg Lehey <grog@FreeBSD.ORG>,
	Ryan Thompson <ryan@sasknow.com>,
	William Nunn <yorkie123@hotmail.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: Remotely Exploitable telnetd bug
Message-ID: <20010816002645.I330@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20010815103807.D47417@sunbay.com> <002501c1256a$e846ce00$1401a8c0@tedm.placo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <002501c1256a$e846ce00$1401a8c0@tedm.placo.com>; from tedm@toybox.placo.com on Wed, Aug 15, 2001 at 02:16:03AM -0700
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Wed, Aug 15, 2001 at 02:16:03AM -0700, Ted Mittelstaedt wrote:
> >-----Original Message-----
> >From: Ruslan Ermilov [mailto:ru@FreeBSD.ORG]
> >Sent: Wednesday, August 15, 2001 12:38 AM
> >To: Greg Lehey
> >Cc: Ted Mittelstaedt; Ryan Thompson; William Nunn;
> >freebsd-questions@FreeBSD.ORG
> >Subject: Re: Remotely Exploitable telnetd bug

[snip]

> >There are security extensions exist for FTP, see RFC2228 for details.
> >lukemftpd (currently in contrib/lukemftpd) is going to support these,
> >AFAIK.
> >
> 
> It's going to be many years before even a quarter of the FTP clients in use
> out there support these.

We can all hope and pray that FTP dies the slow and agonizing death it
deserves before we bother to hack security into this fundamentally
screwed up protocol.

Unfortunately, I think FTP will last as long as TCP/IP does.
-- 
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message