muddleftpd-users

Re: [Muddleftpd-users] features, ideas, etc


From: Beau Kuiper
Subject: Re: [Muddleftpd-users] features, ideas, etc
Date: Thu, 24 Oct 2002 21:15:07 +0800

On Thu, 24 Oct 2002 12:47,  wrote:
> On Wednesday, October 23, 2002 at 22:05, Joerg Jaspert wrote:
> > >   Files with non-printable characters cannot be CD'd to
> > >     Muddleftpd strips all non-printable characters from
> > >     user commands, therefore it is possible to list these
> > >     directories/files but not CDing to/downloading them.
> > >     One solution would be to have muddleftpd use the current
> > >     locale and use isprint. But I think a better solution
> > >     would be to simply strip nothing.
> >
> > Strip nothing is bad. Leads to the Translate/escape...." above.
> > We want to be sure that everything muddleftpd does is secure, so we
> > need to inspect the data we get from the user.
>
> Ok, but the problem is that muddleftpd strips printable
> international (e.g. ISO-8859-1) characters.
>
> If some commands get confused by these characters, isn't the
> problem in that command rather than the "protocol parser" that
> strips or doesn't strip?

I stripped those characters from the input commands so that people wouldn't
use them to create directories and files with names that cannot easily be
accessed using a keyboard in a Unix shell. People using FTP servers and
strange directory names to hide/obscure illegal material is not uncommon.

Please don't reply about the ALT-xxx trick. I know it, but I don't expect 
people to have to use it to clean up directory trees.

I will probably add a group command to relax these restrictions though, since
there does seem to be a valid use for characters 128-255 (but by default,
have it restricted).

Beau Kuiper
address@hidden
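
Added example, not part of the original message and not muddleftpd's own code: a locale-independent byte filter of the kind discussed in this thread, with the default ASCII-only behaviour beside a relaxed mode that admits bytes 128-255. The function names and the policy enum are hypothetical; `name_reachable` shows why a listed ISO-8859-1 name cannot be CD'd to under the default.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical policy values; muddleftpd's real option name is not on this page. */
enum cmd_policy {
    POLICY_ASCII_ONLY,  /* default described in the thread: keep 0x20..0x7E only */
    POLICY_ALLOW_HIGH   /* relaxed per-group setting: also keep bytes 128-255 */
};

/* Decide per byte without isprint(), so the result does not change
 * with the server's locale settings. */
static int byte_allowed(unsigned char c, enum cmd_policy p)
{
    if (c >= 0x20 && c <= 0x7E)
        return 1;                       /* printable ASCII */
    if (c >= 0x80)
        return p == POLICY_ALLOW_HIGH;  /* 128-255, includes C1 controls 0x80..0x9F */
    return 0;                           /* C0 controls and DEL are always stripped */
}

/* Copy `in` to `out` (capacity outsz), dropping disallowed bytes.
 * Returns the number of bytes dropped, or (size_t)-1 if `out` is too small. */
size_t sanitize_command(const char *in, char *out, size_t outsz,
                        enum cmd_policy p)
{
    size_t o = 0, dropped = 0;
    if (outsz == 0)
        return (size_t)-1;
    for (; *in; in++) {
        if (!byte_allowed((unsigned char)*in, p)) { dropped++; continue; }
        if (o + 1 >= outsz) { out[0] = '\0'; return (size_t)-1; }
        out[o++] = *in;
    }
    out[o] = '\0';
    return dropped;
}

/* Returns 1 if a name shown in a directory listing survives the filter
 * unchanged, i.e. a client can still send it in CWD or RETR. */
int name_reachable(const char *name, enum cmd_policy p)
{
    char buf[256];
    size_t d = sanitize_command(name, buf, sizeof buf, p);
    return d == 0 && strcmp(name, buf) == 0;
}
```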




