
[gopher] FW: [Bug 71916] security problem with gopher and arbitary ports



----- Forwarded message from bugzilla-daemon@mozilla.org -----

From: bugzilla-daemon@mozilla.org
Date: Mon, 22 Jul 2002 19:00:49 -0700 (PDT)
To: jgoerzen@complete.org
Subject: [Bug 71916] security problem with gopher and arbitary ports

http://bugzilla.mozilla.org/show_bug.cgi?id=71916





------- Additional Comments From jgoerzen@complete.org  2002-07-22 19:00 -------
I'd also like to highlight some other statements made in this bug.


The original report states that this could not be a problem with HTTP or FTP because of the header.  This is not so.  Plenty of protocols could be made to easily ignore that header (SMTP for one, NNTP for another; with IMAP, it would actually be perfectly valid: "GET LOGIN foo bar" is a login IMAP command).  So the original premise that this is only a Gopher problem is flawed.  Therefore, the conclusion that "gopher should be singled out" is equally flawed.


Mitchell Stoltz asserted that there are "infinitesimally few" running on nonstandard ports.  I have shown you, in about 3 minutes of searching, over a million documents located on nonstandard ports in Gopherspace.


Bradley, you yourself say this is exploitable with HTTP.  Another reason that it seems weird to single out Gopher.


Plenty of people want to run software on non-privileged ports for various reasons, including security.

----- End forwarded message -----

-- 
John Goerzen <jgoerzen@complete.org>    GPG: 0x8A1D9A1F    www.complete.org
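
Added example, not part of the original message or of any Mozilla or server code: a Python sketch of why a tag-based line protocol reads "GET LOGIN foo bar" as a valid command, next to a server-side guard that closes the connection when a line looks like an HTTP preamble. The simplified "<tag> <command> [args]" grammar, the function names and the sample lines are assumptions made for illustration.

```python
import re

# Assumption: simplified IMAP-style grammar "<tag> <command> [args...]".
HTTP_METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "CONNECT", "TRACE"}
HTTP_HEADER = re.compile(
    r"^(host|user-agent|accept[\w-]*|referer|cookie|content-[\w-]+|connection):",
    re.IGNORECASE,
)

def parse_lenient(line):
    """Parse as a tag-based server does: the first token is a client-chosen tag."""
    parts = line.strip().split(" ")
    if len(parts) < 2:
        return None
    return {"tag": parts[0], "command": parts[1].upper(), "args": parts[2:]}

def looks_like_http(line):
    """True when the line starts with an HTTP method or a common HTTP header."""
    stripped = line.strip()
    first = stripped.split(" ", 1)[0].upper()
    return first in HTTP_METHODS or bool(HTTP_HEADER.match(stripped))

def guarded_session(lines):
    """Accept commands until an HTTP-looking line arrives, then close.

    Trade-off: a legitimate client that picks "GET" as its tag is also refused.
    """
    accepted = []
    for line in lines:
        if looks_like_http(line):
            return accepted, "closed: HTTP preamble on non-HTTP port"
        cmd = parse_lenient(line)
        if cmd is not None:
            accepted.append(cmd)
    return accepted, "ok"

if __name__ == "__main__":
    # Constructed sample input, not captured traffic.
    sample = ["a001 NOOP", "GET LOGIN foo bar", "Host: example.invalid"]
    print(parse_lenient(sample[1]))  # lenient parser sees a LOGIN command
    print(guarded_session(sample))   # guard stops before that line is parsed
```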

