Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 19 Jan 2002 13:02:24 -0800
From:      Michael Smith <msmith@freebsd.org>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        Aaron Smith <aaron-fbsd@mutex.org>, freebsd-hackers@FreeBSD.ORG
Subject:   Re: ftpd patch that saves me a lot of hassle 
Message-ID:  <200201192102.g0JL2Op01400@mass.dis.org>
In-Reply-To: Your message of "Sat, 19 Jan 2002 12:55:29 PST." <200201192055.g0JKtT151813@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

Use isprint() on the entire string; this will give the desired result in 
most cases.  It should probably be optional (defaulting to on, since it's 
a security measure).


>     What?  You don't like directories named '...w^Ha^Hr^He^Hz^H^H^H' ?
> 
>     I like it, but there are a few problems.  What about underscore?  And
>     will this mess up people using ftp outside the U.S.?
> 
> 					-Matt
> 					Matthew Dillon 
> 					<dillon@backplane.com>
> 
> 
> :I got sick of (presumably) warez people probing my anonymous ftp site and
> :dropping all kinds of hard-to-delete trash in incoming, so I patched my
> :ftpd to only allow directories to start with alphanumerics. There's
> :probably a better solution, but this works for me so I figure'd I'd share.
> :
> :Combining this with a umask that doesn't allow reading uploaded files keeps
> :things reasonably well in hand.
> :
> :--Aaron
> :
> :
> :Index: ftpd.c
> :===================================================================
> :RCS file: /usr/cvs/src/libexec/ftpd/ftpd.c,v
> :retrieving revision 1.62.2.15
> :diff -u -r1.62.2.15 ftpd.c
> :--- ftpd.c	2001/12/18 18:35:55	1.62.2.15
> :+++ ftpd.c	2002/01/19 09:47:42
> :@@ -2216,6 +2216,12 @@
> : {
> : 
> : 	LOGCMD("mkdir", name);
> :+
> :+	if (!isalnum(*name)) {
> :+		reply(521, "Bite me.");
> :+		return;
> :+	}
> :+
> : 	if (mkdir(name, 0777) < 0)
> : 		perror_reply(550, name);
> : 	else
> :
> :To Unsubscribe: send mail to majordomo@FreeBSD.org
> :with "unsubscribe freebsd-hackers" in the body of the message
> :
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201192102.g0JL2Op01400>