[19773] in bugtraq


Re: Multiple vendors FTP denial of service

daemon@ATHENA.MIT.EDU (Nate Eldredge)
Thu Mar 22 14:16:53 2001

MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15033.5528.904149.15343@mercury.st.hmc.edu>
Date: Wed, 21 Mar 2001 12:56:56 -0800
Reply-To: Nate Eldredge <neldredge@HMC.EDU>
From: Nate Eldredge <neldredge@HMC.EDU>
X-To: Stefan Laudat <stefan@WORLDBANK.RO>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010321005503.C10841@worldbank.ro>

Stefan Laudat writes:
 > Hi Aleph,
 > Please add this to the 'quick fix collection'. Thanks.
 >
 > > > ftp> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
 > > disable globbing symbols with: DenyFilter "[\*\?]" ?
 >
 > ... and as a quick fix for nasty shell users having bash prompts on
 > your machine, just enter 'set -f' in the /etc/profile. Of course,
 > until we get a fixed bash or a fixed libc(?).

This would be an enormous pain for your users, and furthermore won't
help.  If they have a shell, they can simply do `set +f', or run a
different shell without such restrictions, or they can even run any
other program to suck up tons of memory (`for(;;) malloc(1024);').  To
prevent every possible case of this, and have some actual (rather than
illusory) security, man ulimit.

There is no bug in bash or in libc; it's a feature.  I wouldn't want a
system that put arbitrary limits on globbing.

--

Nate Eldredge
neldredge@hmc.edu
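As an added example (not part of the original post or thread), the per-process limits that "man ulimit" refers to, shown with bash's ulimit builtin: a memory cap that a memory-hungry program hits regardless of which shell or program the user runs, and a hard cap that an unprivileged user cannot undo the way `set +f` undoes `set -f`. It assumes Linux (RLIMIT_AS via `ulimit -v`) and GNU dd; the sizes are constructed.

```bash
#!/bin/bash
# Added example, not from the original post: per-process resource limits
# as the mitigation for memory exhaustion, instead of 'set -f'.
# Assumes Linux ('ulimit -v' = address-space limit in kB) and GNU dd.

# Run a command in a subshell under a virtual-memory cap (kB). The cap is
# inherited by the command and its children but never touches the caller.
# Returns the command's exit status (non-zero if it could not get memory).
run_with_mem_cap() {
    local cap_kb="$1"; shift
    ( ulimit -v "$cap_kb" && exec "$@" ) 2>/dev/null
}

# Stand-in for any memory-hungry program a user might run: dd allocates its
# whole 'bs' buffer up front, so a cap below that size makes it fail.
allocate_mb() {
    dd if=/dev/zero of=/dev/null bs="${1}M" count=1
}

# 'ulimit -v N' with neither -S nor -H lowers both the soft and the hard
# limit. Raising the hard limit again needs CAP_SYS_RESOURCE, so for a
# normal user the cap sticks. Returns 0 if the cap could be raised back
# (privileged caller), non-zero if it could not.
hard_cap_can_be_raised() {
    ( ulimit -v "$1" && ulimit -v unlimited ) 2>/dev/null
}

# Demonstration: a 128 MB request under a 64 MB (65536 kB) cap.
if run_with_mem_cap 65536 allocate_mb 128; then
    echo "128 MB allocation succeeded under a 64 MB cap (unexpected)"
else
    echo "128 MB allocation refused under a 64 MB cap"
fi
if hard_cap_can_be_raised 65536; then
    echo "hard cap was raised again (privileged caller?)"
else
    echo "hard cap could not be raised back by this user"
fi
```

A per-user cap of this kind is what goes in the login path (the same /etc/profile the quoted post mentions) in place of `set -f`; it limits what a process may use rather than which shell features it may type.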
