|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: ftpd: the advisory version
From: Carson Gaspar (carson
TLA.ORG)Date: Fri Jun 30 2000 - 19:05:20 CDT
- Next message: Richard E. Silverman: "Kerberos security vulnerability in SSH-1.2.27"
- Previous message: Gael Duval: "[Security Announce] dhcp update"
- Next in thread: Mike Gleason: "Re: ftpd: the advisory version"
- Next in thread: Taneli Huuskonen: "Re: ftpd: the advisory version"
- Maybe reply: Carson Gaspar: "Re: ftpd: the advisory version"
- Reply: Mike Gleason: "Re: ftpd: the advisory version"
- Reply: monti: "Re: ftpd: the advisory version"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>>>>> "Mike" == Mike Eldridge <dizCAFES.NET> writes:
Mike> On Tue, 27 Jun 2000, Olaf Kirch wrote:
>> I.e. publicfile is able to drop root privs because it stops using port 20
>> when creating data connections in response to a PORT command. It's
>> against the spec but works with most clients.
Mike> Against spec, it may be, but in my opinion, it makes more sense.
FYI, it violates a SHOULD, it doesn't violate a MUST, so it is officially in
spec.
-- Carson Gaspar -- carson
- Next message: Richard E. Silverman: "Kerberos security vulnerability in SSH-1.2.27"
- Previous message: Gael Duval: "[Security Announce] dhcp update"
- Next in thread: Mike Gleason: "Re: ftpd: the advisory version"
- Next in thread: Taneli Huuskonen: "Re: ftpd: the advisory version"
- Maybe reply: Carson Gaspar: "Re: ftpd: the advisory version"
- Reply: Mike Gleason: "Re: ftpd: the advisory version"
- Reply: monti: "Re: ftpd: the advisory version"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]