Bugtraq mailing list archives

Re: ftpd: the advisory version


From: lamagra () HACKERMAIL NET (Lamagra Argamal)
Date: Sat, 24 Jun 2000 09:17:56 -0000


First of all, thanks for liking my lame post :)
Second, I hope you all know that bug isn't fixed. I'm not going to do this because the code is soooo messy, I wouldn't know where to begin. Like with that "space stops sanitizing": should the rest be stripped off? Someone should really do a rewrite someday.
Someone write a small, quick patch, so the "world" is safe again. Wouldn't like seeing all those computers in the hands of those script-kiddies. Changing lreply(200,buf) into lreply(200,"%s",buf) would do for a while, but other patching is needed too. Or everyone could run proftpd :)

About ncftpd: I've never worked with it nor seen the code.
If you like, I could do a bug check during the summer.

Last thing: I've been thinking about the general FTP protocol, and there is only one reason why it should run as root after authentication, namely to bind the data connection to port <ftpport - 1> (mostly 20). And we all know high ports require root privileges for binding.
Couldn't you change it to bind to the port at startup?
This would require some other changes to prevent DoS etc., but it should be possible; after that the daemon can just drop all privileges after authentication, giving an attacker nothing.

Well, just some things to work on and think about.
If you have any questions, ask away.

BTW: the ftp program (linux, bsd, windows) has the same kind of bug in the QUOTE command; look at command().
Doesn't really give a problem though, just annoying.

-lamagra
http://lamagra.seKure.de (update soon)
http://roothat.labs.pulltheplug.com (exploit games etc)
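The lreply(200,buf) versus lreply(200,"%s",buf) point above, as an added example that is not part of the original post and not wu-ftpd's code. lreply_into, echo_vulnerable, echo_fixed, count_conversions and format_was_interpreted are hypothetical names; the stand-in reply routine writes into a caller-supplied buffer instead of the control connection so the two call patterns can be compared. The sample argument is constructed and uses only "%%", which consumes no variadic argument and so is safe to interpret; real attacker input would use %x to read the stack and %n to write to memory, which this example deliberately does not execute.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define REPLY_MAX 256

/* Stand-in for an ftpd reply routine (hypothetical, not wu-ftpd's lreply):
 * prefixes the 3-digit code, then formats the rest printf-style into `out`
 * rather than writing it to the control connection. Returns the number of
 * characters written, or -1 on truncation/error. */
static int lreply_into(char *out, size_t outlen, int code, const char *fmt, ...)
{
    va_list ap;
    int n = snprintf(out, outlen, "%d-", code);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    va_start(ap, fmt);
    int m = vsnprintf(out + n, outlen - (size_t)n, fmt, ap);
    va_end(ap);
    if (m < 0 || (size_t)m >= outlen - (size_t)n)
        return -1;
    return n + m;
}

/* Vulnerable pattern: the client-controlled string *is* the format string.
 * Every '%' directive in it is interpreted by vsnprintf: "%x" reads the
 * caller's stack, "%n" writes to memory. (Those are not exercised here;
 * consuming arguments that were never passed is undefined behaviour.) */
int echo_vulnerable(const char *client_arg, char *out, size_t outlen)
{
    return lreply_into(out, outlen, 200, client_arg);
}

/* Fixed pattern: a constant format, the client string passed as data. */
int echo_fixed(const char *client_arg, char *out, size_t outlen)
{
    return lreply_into(out, outlen, 200, "%s", client_arg);
}

/* Counts the conversion specifiers a string would introduce if it were
 * used as a format; "%%" is a literal percent sign and does not count. */
int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent: skip the pair */
            s++;
            continue;
        }
        count++;
    }
    return count;
}

/* Returns 1 when the vulnerable and fixed paths produce different replies
 * for the same client string, i.e. when a directive was interpreted. */
int format_was_interpreted(const char *client_arg)
{
    char vuln[REPLY_MAX], fixed[REPLY_MAX];
    if (echo_vulnerable(client_arg, vuln, sizeof vuln) < 0 ||
        echo_fixed(client_arg, fixed, sizeof fixed) < 0)
        return -1;
    return strcmp(vuln, fixed) != 0;
}

int main(void)
{
    /* Constructed sample argument: harmless, but shows the difference. */
    const char *arg = "SITE EXEC 100%% done";
    char buf[REPLY_MAX];

    echo_vulnerable(arg, buf, sizeof buf);
    printf("vulnerable: %s\n", buf);   /* "%%" collapsed to "%" */
    echo_fixed(arg, buf, sizeof buf);
    printf("fixed:      %s\n", buf);   /* client bytes passed through */
    printf("directives in \"%%x%%x%%n\": %d\n", count_conversions("%x%x%n"));
    return 0;
}
```

The vulnerable path is the one the post describes: whatever the client sent arrives in lreply as the format argument. The one-line fix moves it into the variadic argument list, so the same bytes are copied verbatim. count_conversions is the kind of check a quick audit would run over strings that end up in printf-family calls: any non-zero count on client-controlled data is a bug regardless of how much "sanitizing" happened earlier.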
