37 messages in org.freebsd.freebsd-archRe: Importing lukemftpd| From | Sent On | Attachments |
|---|---|---|
| Mike Heffner | Jul 16, 2001 6:24 pm | |
| Dima Dorfman | Jul 16, 2001 10:33 pm | |
| Dan Moschuk | Jul 17, 2001 10:22 am | |
| Kris Kennaway | Jul 17, 2001 10:35 am | |
| Mike Heffner | Jul 17, 2001 4:01 pm | |
| Mike Heffner | Jul 17, 2001 4:29 pm | |
| Greg Lehey | Jul 18, 2001 12:53 am | |
| Alfred Perlstein | Jul 18, 2001 1:04 am | |
| Dan Moschuk | Jul 18, 2001 11:50 am | |
| Dan Moschuk | Jul 18, 2001 11:51 am | |
| Mike Heffner | Jul 18, 2001 8:50 pm | |
| Kris Kennaway | Jul 19, 2001 2:33 am | |
| David O'Brien | Jul 19, 2001 11:21 am |  .patch, .patch |
| Kris Kennaway | Jul 19, 2001 12:29 pm | |
| Kris Kennaway | Jul 19, 2001 12:30 pm | |
| Mike Heffner | Jul 19, 2001 2:46 pm | |
| Mike Heffner | Jul 19, 2001 3:34 pm | |
| David O'Brien | Jul 19, 2001 3:54 pm | |
| David O'Brien | Jul 19, 2001 3:57 pm | |
| Mike Smith | Jul 19, 2001 4:04 pm | |
| Kris Kennaway | Jul 19, 2001 4:37 pm | |
| David O'Brien | Jul 19, 2001 8:30 pm | |
| David O'Brien | Jul 19, 2001 8:36 pm | |
| David O'Brien | Jul 19, 2001 8:39 pm | |
| Kris Kennaway | Jul 19, 2001 9:03 pm | |
| Terry Lambert | Jul 20, 2001 9:34 am | |
| Dima Dorfman | Jul 20, 2001 10:14 am | |
| David O'Brien | Jul 20, 2001 11:22 am | |
| Mike Heffner | Jul 21, 2001 9:11 pm | |
| Assar Westerlund | Jul 22, 2001 2:07 pm | |
| Warner Losh | Jul 23, 2001 3:20 pm | |
| Assar Westerlund | Jul 24, 2001 1:16 pm | .diff |
| Mike Heffner | Jul 24, 2001 5:55 pm | |
| Assar Westerlund | Jul 24, 2001 6:07 pm | |
| Mike Heffner | Jul 24, 2001 8:41 pm | |
| David O'Brien | Jul 27, 2001 10:19 am | |
| Kris Kennaway | Jul 27, 2001 12:07 pm |
| Subject: | Re: Importing lukemftpd | |
|---|---|---|
| From: | Kris Kennaway (kr...@obsecurity.org) | |
| Date: | Jul 19, 2001 4:37:16 pm | |
| List: | org.freebsd.freebsd-arch | |
On Thu, Jul 19, 2001 at 03:58:11PM -0700, David O'Brien wrote:
On Thu, Jul 19, 2001 at 12:31:20PM -0700, Kris Kennaway wrote:
On Thu, Jul 19, 2001 at 11:22:21AM -0700, David O'Brien wrote:
Index: Makefile =================================================================== RCS file: /home/ncvs/src/usr.bin/ftp/Makefile,v
BTW, feel free to commit the ftp client whenever you feel like it, since there aren't serious security issues at stake there.
There aren't?? I am downloading data from a possibly hostile site. They could easily try to buffer overflow the client. Just as much a possible security vulnerability as we saw the the buffer overflows in fetchmail.
Yes, but a client-side vulnerability is not the same class of vulnerability as a daemon which installed by default on all FreeBSD systems. If the code worries you, a security audit would be much appreciated. Thanks.
Kris