[19699] in bugtraq


Re: Multiple vendors FTP denial of service

daemon@ATHENA.MIT.EDU (D. J. Bernstein)
Mon Mar 19 15:21:40 2001

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID:  <20010317185544.5047.qmail@cr.yp.to>
Date:         Sat, 17 Mar 2001 18:55:44 -0000
Reply-To: "D. J. Bernstein" <djb@CR.YP.TO>
From: "D. J. Bernstein" <djb@CR.YP.TO>
To: BUGTRAQ@SECURITYFOCUS.COM

The FTP specification doesn't require servers to support .. and *. In
fact, it doesn't even mention .. and *. Naturally, publicfile's ftpd
treats * as just another character, and converts . to : after slashes.

FTP does, however, include an NLST command that lists all files in the
current directory, and a CWD command that switches to a new directory,
and a PWD command that lets you return later to the current directory.
See http://cr.yp.to/ftp.html.

Clients that want globbing can easily implement it using these commands.
These clients will work with all FTP servers. Server-side globbing is
unnecessary.

---Dan
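
The client-side globbing described in the message, as an added Python sketch (not part of the original post and not code from publicfile). `ftp_glob`, `FakeFTP` and `DIRS` are hypothetical names; `FakeFTP` is a constructed stand-in with the `pwd`/`cwd`/`nlst` methods of `ftplib.FTP`, and using `fnmatch` pattern rules is this example's choice.

```python
import fnmatch
import ftplib

def ftp_glob(ftp, pattern):
    """Expand a '/'-separated glob on the client using only PWD, CWD and NLST."""
    segments, matches = [s for s in pattern.split("/") if s], []
    def walk(prefix, segs):
        try:
            names = ftp.nlst()
        except ftplib.error_perm:      # some servers answer 550 for an empty directory
            names = []
        # Names come from the server and are untrusted: keep single components only.
        names = [n for n in names if "/" not in n and n not in ("", ".", "..")]
        for name in sorted(n for n in names if fnmatch.fnmatchcase(n, segs[0])):
            if len(segs) == 1:
                matches.append(prefix + name)
                continue
            here = ftp.pwd()           # remember this level before descending
            try:
                ftp.cwd(name)
            except ftplib.error_perm:  # a plain file, or a directory we may not enter
                continue
            try:
                walk(prefix + name + "/", segs[1:])
            finally:
                ftp.cwd(here)          # return so the next sibling resolves correctly
    if segments:
        walk("", segments)
    return matches

class FakeFTP:
    """Constructed in-memory stand-in offering the pwd/cwd/nlst methods of ftplib.FTP."""
    def __init__(self, dirs):
        self.dirs, self.here = dirs, "/"
    def pwd(self):
        return self.here
    def nlst(self):
        return list(self.dirs[self.here])
    def cwd(self, name):
        target = name if name.startswith("/") else self.here.rstrip("/") + "/" + name
        if target not in self.dirs:
            raise ftplib.error_perm("550 " + name)
        self.here = target

# Constructed sample tree: directory path -> names NLST would return there.
DIRS = {"/": ["pub", "incoming", "README.txt", "../outside"],
        "/pub": ["a.txt", "b.txt", "notes.md", "src"], "/incoming": [],
        "/pub/src": ["main.c", "util.c", "README"]}
```

The expansion cost, one NLST per directory visited, falls on the client that asked for the pattern, and the server only ever sees literal names.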
