On Wed, 22 Sep 1999, Matthias Pigulla wrote:
If I see things right, this proxy could be used on a gateway host in a firewall scenario like the one described in Garfinkel & Spafford Chapter 21? (I.e. all connections to a LAN have to cross the gate and can be buffered by proxy servers on that machine.)
Yes, this is the idea behind it. The FTP code is free of buffer overflows or any of the exploits currently being discussed. You can tell it which commands are legal for every user, including a RegEx for the arguments. Thus it is easy to say: RETR=^[/a-zA-Z0-9_]{1,512}$ or QUIT=^$ and your arguments will be scanned before they ever enter any sprintf or the like. And you can use active or passive FTP towards the internet, while always using passive to your internal host.
Cool ;-)
Status: code reviews finished, docs finished. Homepage design nearly finished. Announcement end of this or rather beginning of next week.
Matthias
Volker
--
Volker Wiegand              Phone:  +49 (0) 6196 / 50951-24
SuSE Rhein/Main AG          Fax:    +49 (0) 6196 / 40 96 07
Mergenthalerallee 45-47     Mobile: +49 (0) 179 / 292 66 76
D-65760 Eschborn            E-Mail: Volker.Wiegand@suse.de
++ Only users lose drugs. Or was it the other way round? ++
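
The per-user command filter described in the reply above, as an added Python sketch that is not part of the original message and is not the proxy's own code. The `POLICY` table layout, the user name `anonymous`, `MAX_LINE` and `check_command` are assumptions; only the two patterns for RETR and QUIT come from the message.

```python
import re

# Constructed policy table. The RETR and QUIT patterns are the two quoted in
# the message; the user name and the table layout are assumptions.
POLICY = {
    "anonymous": {
        "RETR": r"^[/a-zA-Z0-9_]{1,512}$",
        "QUIT": r"^$",
    },
}

MAX_LINE = 1024  # assumed upper bound for one control-channel line


def check_command(user, raw):
    """Return (verb, argument) if the raw line is allowed for user, else None."""
    # Exactly one CRLF-terminated line of bounded length.
    if len(raw) > MAX_LINE or not raw.endswith(b"\r\n"):
        return None
    body = raw[:-2]
    # Printable ASCII only: an embedded CR, LF or NUL would let a second
    # command ride along behind an argument that passed the check.
    if any(byte < 0x20 or byte > 0x7E for byte in body):
        return None
    verb, _, arg = body.decode("ascii").partition(" ")
    verb = verb.upper()  # FTP verbs are case-insensitive
    # Default deny: a verb without a rule for this user is rejected.
    pattern = POLICY.get(user, {}).get(verb)
    if pattern is None:
        return None
    # fullmatch() because Python's "$" also matches before a trailing newline.
    if re.fullmatch(pattern, arg) is None:
        return None
    return verb, arg


if __name__ == "__main__":
    # Constructed sample lines, as a client might send them.
    for line in (b"RETR /pub/file_1\r\n", b"QUIT\r\n", b"QUIT now\r\n",
                 b"RETR /pub/notes.txt\r\n", b"DELE /pub/file_1\r\n",
                 b"RETR /a\r\nDELE /b\r\n"):
        print(line, "->", check_command("anonymous", line))
```

With the RETR pattern exactly as quoted, a path containing a dot such as `/pub/notes.txt` is refused, so a real policy would have to widen the character class deliberately.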