[19734] in bugtraq
Re: Multiple vendors FTP denial of service
daemon@ATHENA.MIT.EDU (jedi@CLARANET.FR)
Tue Mar 20 21:09:37 2001
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Message-ID: <20010319182552.2BDBDDAEE@mail.fr.clara.net>
Date: Mon, 19 Mar 2001 18:25:52 GMT
Reply-To: jedi@CLARANET.FR
From: jedi@CLARANET.FR
X-To: "D. J. Bernstein" <djb@CR.YP.TO>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010317185544.5047.qmail@cr.yp.to>
D. J. Bernstein écrit:
> The FTP specification doesn't require servers to support .. and *.
Indeed, it was just popularized by servers calling an extern "ls"
program.
> FTP does, however, include an NLST command that lists all files in the
> current directory, and a CWD command that switches to a new directory,
> and a PWD command
> Clients that want globbing can easily implement it using these commands.
Server-side globbing is unnecessary, but it helps saving bandwidth.
On a server with no content summary in a file, it can help to find a file
hidden in subdirectories without the headache of a recursive listing.
For instance, listing */gnome*.rpm is handy to find that gnome-core.rpm
and gnome-lib.rpm are located in the "gn1" directory.
--
-=- Frank DENIS aka Jedi/Sector One <j@c9x.org> -=-
"If Bill Gates had a dime for every time a Windows box crashed...
... Oh, wait a minute, he already does."
