[OpenAFS] FTPD vulnerable to glob?
Nathan Neulinger
nneul@umr.edu
Tue, 17 Apr 2001 21:34:50 -0500
Thomas Vincent wrote:
>
> on 4/17/01 6:39 PM, Nathan Neulinger at nneul@umr.edu wrote:
>
> > *laugh* The ftpd server in OpenAFS is probably vulnerable to alot worse
> > than the glob() attack. You'd have to be nuts to actually use it.
>
> That is reassuring. Is anyone working on getting ACL's working in wu-ftpd or
> pro-ftpd?
>
> Cheers,
> Thomas Vincent
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo.cgi/openafs-info
I did a bunch of stuff for wuftpd once, but it got ignored by the
maintainers. The best bet I'd suggest is to just install krb5 and use
it's ftpd, as it's 99% functional and just needs tiny mods to add full
afs support.
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul@umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
CIS - Systems Programming Fax: (573) 341-4216