Bug#29783: marked as done (fsp and ftp relationship (was Re: FSP PACKAGE SECURITY HOLE))
Your message dated Mon, 21 Dec 1998 14:52:47 +0000
with message-id <E0zs6hTemail@example.com>
and subject line Fixed in boot-floppies_2.1.3
has caused the attached bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I'm
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
(administrator, Debian bugs database)
Received: (at submit) by bugs.debian.org; 20 Nov 1998 20:30:11 +0000
Received: (qmail 10286 invoked from network); 20 Nov 1998 20:30:09 -0000
Received: from gilgamesh.cse.ucsc.edu (firstname.lastname@example.org)
by master.debian.org with SMTP; 20 Nov 1998 20:30:09 -0000
Received: (from ben@localhost) by gilgamesh.cse.ucsc.edu (8.9.0/8.6.12) id MAA04029; Fri, 20 Nov 1998 12:30:01 -0800
To: Hamish Moffatt <email@example.com>
Cc: firstname.lastname@example.org, email@example.com
Subject: Re: fsp and ftp relationship (was Re: FSP PACKAGE SECURITY HOLE)
References: <Pine.LNX.3.96LJ1.1b7.981119193008.6744Dfirstname.lastname@example.org> <email@example.com> <19981121030658.A19637@yodeller.rising.com.au>
From: Ben Gertzfield <firstname.lastname@example.org>
Date: 20 Nov 1998 12:30:01 -0800
In-Reply-To: Hamish Moffatt's message of "Sat, 21 Nov 1998 03:06:58 +1100"
X-Mailer: Gnus v5.6.27/XEmacs 20.4 - "Emerald"
>>>>> "Hamish" == Hamish Moffatt <email@example.com> writes:
Hamish> On Thu, Nov 19, 1998 at 07:48:26PM -0800, Ben Gertzfield
>> I don't think it makes sense for fsp to run as the ftp user. I
>> think it's a separate protocol and, since it's included in the
>> Selections method on the boot disks for hamm and slink, about
>> 95% of all the
Hamish> Is that wise? Is it really used much? I've never used it
Hamish> in many years of connectivity. At the university I attend
Hamish> it is banned by all departments, because a few years back
Hamish> most FSP sites were warez sites.
No, it's not wise. I'm forwarding this as a bug report on
Please remove the fsp package from all Selections on the boot disks.
It opens up possible security holes, since it enables anonymous access
to the system without prompting the user, and it's pretty just much a
protocol used for warez anyway.
Brought to you by the letters O and P and the number 18.
"You have my pills!" -- Grampa Simpson
Debian GNU/Linux -- where do you want to go tomorrow? http://www.debian.org/
I'm on FurryMUCK as Che, and EFNet and YiffNet IRC as Che_Fox.