Bugtraq mailing list archives

Re: Multiple vendors FTP denial of service

From: "D. J. Bernstein" <djb () CR YP TO>
Date: Sat, 17 Mar 2001 18:55:44 -0000

The FTP specification doesn't require servers to support .. and *. In
fact, it doesn't even mention .. and *. Naturally, publicfile's ftpd
treats * as just another character, and converts . to : after slashes.

FTP does, however, include an NLST command that lists all files in the
current directory, and a CWD command that switches to a new directory,
and a PWD command that lets you return later to the current directory.
See http://cr.yp.to/ftp.html.

Clients that want globbing can easily implement it using these commands.
These clients will work with all FTP servers. Server-side globbing is
unnecessary.

---Dan

Current thread:

Re: Multiple vendors FTP denial of service, (continued)
- Re: Multiple vendors FTP denial of service Jeff Dafoe (Mar 16)
  - Re: Multiple vendors FTP denial of service jedi (Mar 16)
- Re: Multiple vendors FTP denial of service Daniel Roesen (Mar 16)
- Re: Multiple vendors FTP denial of service Elias Levy (Mar 16)
  - Re: Multiple vendors FTP denial of service Elias Levy (Mar 19)
    - Bash memory exhaustion (was Re: Multiple vendors FTP denial of service) Nick Lamb (Mar 20)
    - Re: Multiple vendors FTP denial of service The Flying Hamster (Mar 21)
- Re: Multiple vendors FTP denial of service Mike Gleason (Mar 16)
  - Re: Multiple vendors FTP denial of service Crist Clark (Mar 19)
- Re: Multiple vendors FTP denial of service JT (Mar 19)
- Re: Multiple vendors FTP denial of service D. J. Bernstein (Mar 19)
  - Re: Multiple vendors FTP denial of service jedi (Mar 20)
- Re: Multiple vendors FTP denial of service Pawel Wilk (Mar 20)
- Re: Multiple vendors FTP denial of service Interstellar Overdrive (Mar 23)
- Re: Multiple vendors FTP denial of service Stefan Laudat (Mar 21)
  - Re: Multiple vendors FTP denial of service Nate Eldredge (Mar 22)
  - Re: Multiple vendors FTP denial of service peterw (Mar 22)
  - Re: Multiple vendors FTP denial of service Markku Savela (Mar 22)
- Multiple vendors FTP denial of service Peter Timothey Hessler (Mar 21)