Date: Fri, 9 Mar 2001 01:50:03 -0800 (PST) From: Peter Pentchev <roam@orbitel.bg> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/25598: patch to let ftpd output message when changing directory Message-ID: <200103090950.f299o3672493@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/25598; it has been noted by GNATS. From: Peter Pentchev <roam@orbitel.bg> To: Bernd Luevelsmeyer <bdluevel@heitec.net> Cc: FreeBSD-gnats-submit@freebsd.org Subject: Re: bin/25598: patch to let ftpd output message when changing directory Date: Fri, 9 Mar 2001 11:42:49 +0200 On Fri, Mar 09, 2001 at 09:10:14AM +0100, Bernd Luevelsmeyer wrote: > Peter Pentchev wrote: > > > Of course, then there's the issue of a race condition between a stat() > > and the actual opening.. this might be resolved with a fstat(fileno(fp)) > > right after the fopen(), before the first read from the file. > > I think that's the way to go. To care for unwanted 3rd-party-.messages, > one might perhaps check that it's owned by root, or owned by the > directory owner? Not world-writeable? And limit the output to max. 20 > lines of max. 50 characters each, filtered to printable ASCII (checked > with isprint())? I think most of these checks are reasonable, esp. the owned-by-root-or-owner check (I think that would be the best way to go - allow root to drop .message files all over the place, and let owners put their own), which would also take care of the problem you mentioned earlier, .message files uploaded to public incoming directories. > > Or should FIFO's be considered an issue at all? I believe yes, since > > something similar has been done to inetd recently.. > > It is certainly an issue. I'm afraid I didn't consider this topic at > all. I'll implement the fstat() and a size limitation and/or other > sanity checks, and re-submit the patch. > > I suggest that this ill-conceived PR should be closed. Wouldn't it be better to leave this PR open, so you can post your patches as follow-ups? G'luck, Peter -- I am the thought you are now thinking. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103090950.f299o3672493>