Bugtraq mailing list archives

Re: ftpd: the advisory version

From: carson () TLA ORG (Carson Gaspar)
Date: Fri, 30 Jun 2000 20:05:20 -0400

"Mike" == Mike Eldridge <diz () CAFES NET> writes:


Mike> On Tue, 27 Jun 2000, Olaf Kirch wrote:

I.e. publicfile is able to drop root privs because it stops using port 20
when creating data connections in response to a PORT command. It's
against the spec but works with most clients.


Mike> Against spec, it may be, but in my opinion, it makes more sense.

FYI, it violates a SHOULD, it doesn't violate a MUST, so it is officially in
spec.

--
Carson Gaspar -- carson () tla org
Queen Trapped in a Butch Body

Current thread:

Re: ftpd: the advisory version Valdis Kletnieks (Jun 30)
- Re: ftpd: the advisory version Tom Perrine (Jul 02)
- Conclusion to recent working WuFTPD Exploits Eric Hines (Jul 05)
- <Possible follow-ups>
- Re: ftpd: the advisory version Carson Gaspar (Jun 30)
  - Re: ftpd: the advisory version Mike Gleason (Jul 02)
  - [RHSA-2000:016-03] Multiple local imwheel vulnerabilities bugzilla () REDHAT COM (Jul 03)
  - Re: ftpd: the advisory version monti (Jul 05)
    - Re: ftpd: the advisory version D. J. Bernstein (Jul 06)
    - Re: ftpd: the advisory version monti (Jul 07)
    - Re: ftpd: the advisory version Mikael Olsson (Jul 07)
    - Re: ftpd: the advisory version David Maxwell (Jul 07)
    - Re: ftpd: the advisory version D. J. Bernstein (Jul 10)
    - Re: ftpd: the advisory version Richard Rager (Jul 11)
    - Infosec.20000712.worldclient.2.1 Rikard Carlsson (Jul 12)

(Thread continues...)