Date:      Sat, 19 Jan 2002 13:20:54 -0800
From:      Aaron Smith <aaron@gelatinous.com>
To:        Michael Smith <msmith@freebsd.org>
Cc:        Matthew Dillon <dillon@apollo.backplane.com>, freebsd-hackers@FreeBSD.ORG
Subject:   Re: ftpd patch that saves me a lot of hassle
Message-ID:  <20020119132054.F909@gelatinous.com>
In-Reply-To: <200201192102.g0JL2Op01400@mass.dis.org>; from msmith@freebsd.org on Sat, Jan 19, 2002 at 01:02:24PM -0800
References:  <200201192055.g0JKtT151813@apollo.backplane.com> <200201192102.g0JL2Op01400@mass.dis.org>

The reason I only test the first character is that lots of filenames I
actually want uploaded may have some funkiness somewhere in their midst.
With an alnum first character I can deal with trash using tab completion
and not block the files I deal with normally.

isprint() is too liberal to save me time -- one careless evening, deleting
a directory named '~' made me have to go to backups. isprint allows a great
deal of stuff I don't want to hassle with, like ~ and &.

Allowing directories to start with underscore sounds reasonable to me,
though. Another idea would be mapping certain special characters to
underscore. Does anyone know if other ftpds like luke's or wu address this
issue?

I wasn't proposing this as a default inclusion, but as far as that goes: a
non-default option noted in the "setting up an anonymous FTP site" section
of the ftpd docs seems the most appropriate option. It's just to save
administrators of anonymous ftp sites a little headache of hidden files and
those beginning with spaces or garbage.

Lots of people will be bitten by this if they don't know about it, especially
if it applies to non-anonymous users. "Why can't I upload my file?" It
should probably test whether the user is anonymous.

If people actually would use such an ftpd option, I'll clean it up and
submit a new patch with doc changes.

Aaron

On Sat, Jan 19, 2002 at 01:02:24PM -0800, Michael Smith wrote:
> 
> Use isprint() on the entire string; this will give the desired result in 
> most cases.  It should probably be optional (defaulting to on, since it's 
> a security measure).
> 
> 
> >     What?  You don't like directories named '...w^Ha^Hr^He^Hz^H^H^H' ?
> > 
> >     I like it, but there are a few problems.  What about underscore?  And
> >     will this mess up people using ftp outside the U.S.?
> > 
> > 					-Matt
> > 					Matthew Dillon 
> > 					<dillon@backplane.com>
> > 
> > 
> > :I got sick of (presumably) warez people probing my anonymous ftp site and
> > :dropping all kinds of hard-to-delete trash in incoming, so I patched my
> > :ftpd to only allow directories to start with alphanumerics. There's
> > :probably a better solution, but this works for me so I figured I'd share.
> > :
> > :Combining this with a umask that doesn't allow reading uploaded files keeps
> > :things reasonably well in hand.
> > :
> > :--Aaron
> > :
> > :
> > :Index: ftpd.c
> > :===================================================================
> > :RCS file: /usr/cvs/src/libexec/ftpd/ftpd.c,v
> > :retrieving revision 1.62.2.15
> > :diff -u -r1.62.2.15 ftpd.c
> > :--- ftpd.c	2001/12/18 18:35:55	1.62.2.15
> > :+++ ftpd.c	2002/01/19 09:47:42
> > :@@ -2216,6 +2216,12 @@
> > : {
> > : 
> > : 	LOGCMD("mkdir", name);
> > :+
> > :+	if (!isalnum(*name)) {
> > :+		reply(521, "Bite me.");
> > :+		return;
> > :+	}
> > :+
> > : 	if (mkdir(name, 0777) < 0)
> > : 		perror_reply(550, name);
> > : 	else
> > :
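Review bot: `isalnum(*name)` in the added check passes a plain `char`, which is undefined behaviour for bytes above 0x7f on platforms where `char` is signed; cast it, as in `isalnum((unsigned char)*name)`. The test also looks only at the first byte of the whole argument, so a multi-component path is judged by its first component rather than by the directory that `mkdir(name, 0777)` actually creates; testing the byte after the last '/' would match the stated intent of restricting what directory names start with. The `reply(521, "Bite me.")` text gives a client no reason for the refusal; a 550 with a descriptive message, in line with the `perror_reply(550, name)` path just below, would be clearer.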
> > :To Unsubscribe: send mail to majordomo@FreeBSD.org
> > :with "unsubscribe freebsd-hackers" in the body of the message
> > :
> > 
> > 
> 
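The policy discussed in this thread, as an added example that is not part of the original message or of FreeBSD's ftpd: the first-character test applied to the final path component for anonymous sessions only, with underscore allowed, plus the map-to-underscore alternative. The function names, the `anonymous` flag and the sample path are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not in ftpd.c): start of the final path component. */
static char *last_component(const char *path)
{
	char *slash = strrchr(path, '/');
	return slash != NULL ? slash + 1 : (char *)path;
}

/* Hypothetical check: 1 if MKD may go ahead, 0 if refused. Anonymous sessions
 * only. Tests the first byte of the final component; an empty one (trailing
 * '/') and bytes >= 0x80 (not alnum in the C locale) are refused. */
int mkd_name_allowed(const char *name, int anonymous)
{
	unsigned char c = (unsigned char)*last_component(name);
	return !anonymous || c == '_' || isalnum(c);
}

/* Alternative: rewrite instead of refusing. In the final component a leading
 * byte that is neither alphanumeric nor '_', and every non-printable byte,
 * becomes '_'. Returns the number of bytes changed. */
int mkd_name_sanitize(char *name)
{
	char *p, *base = last_component(name);
	int changed = 0;
	for (p = base; *p != '\0'; p++) {
		unsigned char c = (unsigned char)*p;
		if ((p == base && c != '_' && !isalnum(c)) || !isprint(c)) {
			*p = '_';
			changed++;
		}
	}
	return changed;
}

int main(void)
{
	char name[] = "incoming/~";	/* constructed sample input */
	int ok = mkd_name_allowed(name, 1);
	int n = mkd_name_sanitize(name);
	printf("allowed=%d changed=%d -> %s\n", ok, n, name);
	return 0;
}
```
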
