Ftpfs security hole particulary fixed

Andrew V. Samoilov kai at cmail.ru
Thu Feb 7 09:56:02 UTC 2002


Hello!


> I tested MC on a few sites and found that it doesn't work on 
> ftp.netbsd.org.  It shows the top-level directory, but show nothing in 
> /pub.  Here's the log:
> 
> PASV
> 227 Entering Passive Mode (204,152,184,75,238,199)
> LIST -la /pub/.
> 150 Opening ASCII mode data connection for '/bin/ls'.
> 226 Transfer complete.
> 
> I think that "LIST -la /pub" would have chances to work on more systems.  

Not at ftp.netbsd.org. Single way is "cd then ls" ;-(
Can you report this problem to NetBSD-ftpd developers?

> 
> MC before your patch doesn't work on ftp.netbsd.org at all.  But you 
> probably didn't go far enough to eliminate all trailing dots.
> 
> 
>>  /* Trailing "/." is necessary if remote_path is a symlink
>>            but don't generate "//." */
>>
> 
> Maybe trailing "/" is sufficient?  Besides, ftp.netbsd.org/pub is not a 
> symlink.  Maybe the code isn't doing what the comment says?
> 


It does, but I have not access to amiga ftp server.
Trailing "/." removed for Amiga server in translate(),
but remote_is_amiga ignored in dir_load().
BTW, why do you complain against "LIST -laL"?




More information about the mc-devel mailing list