Re: FTP/security

To: Alexei Khlebnikov <khlebnikov@scnsoft.com>, "debian-russian@lists.debian.org" <debian-russian@lists.debian.org>
Subject: Re: FTP/security
From: Pavel Epifanov <pavel_e@yahoo.com>
Date: Fri, 9 Nov 2001 05:19:38 -0800 (PST)
Message-id: <[🔎] 20011109131938.69150.qmail@web20510.mail.yahoo.com>
In-reply-to: <[🔎] 3BEBB8C3.B5A196F7@scnsoft.com>

There is a fix (about one year old :) for this situation: a special
construction in the ProFTPd configuration:

DenyFilter \*.*/

(Note from http://www.proftpd.org/critbugs.html :
A fixed version of GNU glob is used in ProFTPD 1.2.2rc1 and later.)

So there is no reason either change a software or contact maintainer because
he/they knows about this :)

--- Alexei Khlebnikov <khlebnikov@scnsoft.com> wrote:
> Roman Kovalenko wrote:
> 
> > òÅÛÉÌ ×ÏÔ ÐÒÏÔÅÓÔÉÒÏ×ÁÔØ ÎÏ×ÙÊ ÓÅÒ×ÅÒ. úÁÐÕÓÔÉÌ Ó ÓÏÓÅÄÎÅÇÏ ËÏÍÐØÀÔÅÒÁ
> > DÏS-ÁÔÁËÕ (ls
> */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*) ÎÁ FTP
> (ProFTPD
> > 1.2.0pre10 ÉÚ 2.2r3). ðÒÏÃÅÓÓ ÔÕÔ ÖÅ ÏÔßÅÌ ×ÓÀ ÐÁÍÑÔØ ×ÍÅÓÔÅ ÓÏ Ó×ÏÐÏÍ :-(
> ÷Ó×ÑÚÉ Ó
> > ÜÔÉÍ ×ÏÐÒÏÓ:
> > þÔÏ ÍÏÖÎÏ ÐÏÓÔÁ×ÉÔØ ×ÍÅÓÔÏ ÜÔÏÇÏ ftp, ÞÔÏÂ ÎÅ ÐÏÄÏÂÎÏÇÏ ÂÏÌÅÅ ÎÅ
> ÐÏ×ÔÏÒÑÌÏÓØ?
> 
> é Ñ ÂÙ ÅÝÅ ÎÁ Ô×ÏÅÍ ÍÅÓÔÅ ÎÁÐÉÓÁÌ ÍÜÊÎÔÅÊÎÅÒÕ ÐÁËÅÔÁ ProFTPD ÏÂ ÜÔÏÍ.
> 


__________________________________________________
Do You Yahoo!?
Find a job, post your resume.
http://careers.yahoo.com

Reply to:

References:
- Re: FTP/security
  - From: Alexei Khlebnikov <khlebnikov@scnsoft.com>

Prev by Date: r0 -> r4
Next by Date: Re: Unicode HOWTO v0.1
Previous by thread: Re: FTP/security
Next by thread: Re: FTP/security
Index(es):
- Date
- Thread