Date: Mon, 19 Mar 2001 00:12:10 -0800 (PST)
From: Matt Dillon <dillon@earth.backplane.com>
To: Jonathan Lemon <jlemon@flugsvamp.com>
Cc: stable@freebsd.org
Subject: Re: Not only ftpd's problem with ls */../*.....
Message-ID: <200103190812.f2J8CAp04946@earth.backplane.com>
References: <local.mail.freebsd-stable/200103172107.f2HL7Ea02611@cwsys.cwsent.com> <200103172253.f2HMrZ008412@prism.flugsvamp.com> <200103180027.f2I0RSn96769@earth.backplane.com> <20010317222918.B82645@prism.flugsvamp.com> <200103180543.f2I5hb398084@earth.backplane.com> <20010318160034.F82645@prism.flugsvamp.com>

Well, it's better than nothing I suppose but it doesn't really solve
the ftpd DOS attack (nor does the original patch). Long paths can still
result in a DOS. The limit should probably be specified in bytes
rather than entries. That would solve the problem neatly.

Whatever happens, the release can't go out with the current patch in
place. Even an incomplete patch which defaults to 'off' is better than
a broken patch which defaults to 'on'.

-Matt
