[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#29783: marked as done (fsp and ftp relationship (was Re: FSP PACKAGE SECURITY HOLE))

Your message dated Mon, 21 Dec 1998 14:52:47 +0000
with message-id <E0zs6hT-0000r8-00@molec3.dfis.ull.es>
and subject line Fixed in boot-floppies_2.1.3
has caused the attached bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I'm
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Ian Jackson
(administrator, Debian bugs database)

Received: (at submit) by bugs.debian.org; 20 Nov 1998 20:30:11 +0000
Received: (qmail 10286 invoked from network); 20 Nov 1998 20:30:09 -0000
Received: from gilgamesh.cse.ucsc.edu (ben@
  by master.debian.org with SMTP; 20 Nov 1998 20:30:09 -0000
Received: (from ben@localhost) by gilgamesh.cse.ucsc.edu (8.9.0/8.6.12) id MAA04029; Fri, 20 Nov 1998 12:30:01 -0800
Sender: ben@cse.ucsc.edu
To: Hamish Moffatt <hamish@debian.org>
Cc: debian-private@lists.debian.org, submit@bugs.debian.org
Subject: Re: fsp and ftp relationship (was Re: FSP PACKAGE SECURITY HOLE)
References: <Pine.LNX.3.96LJ1.1b7.981119193008.6744D-100000@bug.trap.mtview.ca.us> <yttpvajdnxx.fsf@gilgamesh.cse.ucsc.edu> <19981121030658.A19637@yodeller.rising.com.au>
X-Face: -eDkx0I[vNsajBStK^((#;s#wZr+;?Up|;+Zw5JOl]'fINagA)&i4=$2WI'z4U!h0>;A3ON
From: Ben Gertzfield <che@debian.org>
Date: 20 Nov 1998 12:30:01 -0800
In-Reply-To: Hamish Moffatt's message of "Sat, 21 Nov 1998 03:06:58 +1100"
Message-ID: <ytt67ca2jli.fsf@gilgamesh.cse.ucsc.edu>
Lines: 32
X-Mailer: Gnus v5.6.27/XEmacs 20.4 - "Emerald"

Package: boot-floppies
Version: 2.0.11

>>>>> "Hamish" == Hamish Moffatt <hamish@debian.org> writes:

    Hamish> On Thu, Nov 19, 1998 at 07:48:26PM -0800, Ben Gertzfield
    Hamish> wrote:
    >> I don't think it makes sense for fsp to run as the ftp user. I
    >> think it's a separate protocol and, since it's included in the
    >> Selections method on the boot disks for hamm and slink, about
    >> 95% of all the

    Hamish> Is that wise? Is it really used much? I've never used it
    Hamish> in many years of connectivity. At the university I attend
    Hamish> it is banned by all departments, because a few years back
    Hamish> most FSP sites were warez sites.

No, it's not wise. I'm forwarding this as a bug report on

Please remove the fsp package from all Selections on the boot disks.
It opens up possible security holes, since it enables anonymous access
to the system without prompting the user, and it's pretty just much a
protocol used for warez anyway.


Brought to you by the letters O and P and the number 18.
"You have my pills!" -- Grampa Simpson
Debian GNU/Linux -- where do you want to go tomorrow? http://www.debian.org/
I'm on FurryMUCK as Che, and EFNet and YiffNet IRC as Che_Fox.

Reply to: