[15605] in bugtraq
Re: ftpd: the advisory version
daemon@ATHENA.MIT.EDU (Carson Gaspar)
Sun Jul 2 15:58:42 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <14685.13760.456523.321265@taltos.tla.org>
Date: Fri, 30 Jun 2000 20:05:20 -0400
Reply-To: carson@tla.org
From: Carson Gaspar <carson@TLA.ORG>
X-To: Mike Eldridge <diz@CAFES.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.10006291349470.14791-100000@mail.cafes.net>
>>>>> "Mike" == Mike Eldridge <diz@CAFES.NET> writes:
Mike> On Tue, 27 Jun 2000, Olaf Kirch wrote:
>> I.e. publicfile is able to drop root privs because it stops using port 20
>> when creating data connections in response to a PORT command. It's
>> against the spec but works with most clients.
Mike> Against spec, it may be, but in my opinion, it makes more sense.
FYI, it violates a SHOULD, it doesn't violate a MUST, so it is officially in
spec.
--
Carson Gaspar -- carson@tla.org
Queen Trapped in a Butch Body
