From bernd@heitec.net  Wed Mar  7 18:09:06 2001
Return-Path: <bernd@heitec.net>
Received: from christel.heitec.net (christel.heitec.net [193.101.232.3])
	by hub.freebsd.org (Postfix) with ESMTP id 14B0537B719
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  7 Mar 2001 18:09:06 -0800 (PST)
	(envelope-from bernd@heitec.net)
Received: from heitec.net (paladin.heitec.net [193.101.232.30])
	by christel.heitec.net (Postfix) with ESMTP id 54EFAB8105
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  8 Mar 2001 03:08:59 +0100 (CET)
Received: (from bernd@localhost)
	by  heitec.net (8.11.3/8.11.3) id f2828ww08461;
	Thu, 8 Mar 2001 03:08:58 +0100 (CET)
	(envelope-from bernd)
Message-Id: <200103080208.f2828ww08461@ heitec.net>
Date: Thu, 8 Mar 2001 03:08:58 +0100 (CET)
From: bdluevel@heitec.net
Reply-To: bdluevel@heitec.net
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: patch to let ftpd output message when changing directory
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         25598
>Category:       bin
>Synopsis:       patch to let ftpd(8) output message when changing directory
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    yar
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 07 18:10:01 PST 2001
>Closed-Date:    Tue Jul 10 03:30:49 UTC 2012
>Last-Modified:  Tue Jul 10 03:30:49 UTC 2012
>Originator:     Bernd Luevelsmeyer
>Release:        FreeBSD 4.3-BETA i386
>Organization:
>Environment:
System: FreeBSD 4.3-BETA #0: Wed Mar 7 04:44:56 CET 2001

>Description:
The patch lets the FTP daemon (after a successful 'cwd' command)
look for a file '.message' in the current directory and, if
readable, send the contents to the client, preceding the
"250 CWD successful." message. The intent is to let
the FTP site admin announce directory descriptions, copyright
notices or the like.


>How-To-Repeat:

>Fix:
--- libexec/ftpd/ftpd.c.orig	Thu Mar  8 02:34:14 2001
+++ libexec/ftpd/ftpd.c	Thu Mar  8 02:44:38 2001
@@ -2170,7 +2170,22 @@
 	if (chdir(path) < 0)
 		perror_reply(550, path);
 	else
+        {
+            char line[LINE_MAX];
+            FILE *fd;
+            if ((fd = fopen(".message", "r")) != NULL)
+            {
+                while (fgets(line, sizeof(line), fd) != NULL)
+                {
+                    char *cp;
+                    if ((cp = strchr(line, '\n')) != NULL)
+                        *cp = '\0';
+                    lreply(250, "%s", line);
+                }
+                fclose(fd);
+            }
 		ack("CWD");
+        }
 }
 
 void
>Release-Note:
>Audit-Trail:

From: Bernd Luevelsmeyer <bdluevel@heitec.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:  
Subject: Re: bin/25598: patch to let ftpd output message when changing directory
Date: Thu, 08 Mar 2001 04:55:50 +0100

 I forgot to patch the man page accordingly; I'm submitting the man page
 diff here:
 
 --- libexec/ftpd/ftpd.8.original        Thu Mar  8 03:36:41 2001
 +++ libexec/ftpd/ftpd.8 Thu Mar  8 04:45:16 2001
 @@ -236,6 +236,11 @@
  .It XRMD Ta "remove a directory (deprecated) [RW]"
  .El
  .Pp
 +After a successful CWD command, a file
 +.Pa .message
 +is looked up in the new current directory and submitted to the client
 +as part of the ok-message, if available.
 +.Pp
  The following non-standard or
  .Tn UNIX
  specific commands are supported

From: Peter Pentchev <roam@orbitel.bg>
To: bdluevel@heitec.net
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/25598: patch to let ftpd output message when changing directory
Date: Thu, 8 Mar 2001 14:33:46 +0200

 On Thu, Mar 08, 2001 at 03:08:58AM +0100, bdluevel@heitec.net wrote:
 > 
 > >Number:         25598
 > >Category:       bin
 > >Synopsis:       patch to let ftpd output message when changing directory
 > >Originator:     Bernd Luevelsmeyer
 > >Release:        FreeBSD 4.3-BETA i386
 > >Organization:
 > >Environment:
 > System: FreeBSD 4.3-BETA #0: Wed Mar 7 04:44:56 CET 2001
 > 
 > >Description:
 > The patch lets the FTP daemon (after a successful 'cwd' command)
 > look for a file '.message' in the current directory and, if
 > readable, send the contents to the client, preceding the
 > "250 CWD successful." message. The intent is to let
 > the FTP site admin announce directory descriptions, copyright
 > notices or the like.
 [snip the patch itself]
 
 Hmm I wonder if this should not stat() the file beforehand, to make
 sure it's a regular file; otherwise, problems might arise with a local
 user creating a FIFO or something, and then pointing a couple of clients
 there.. or just letting the FIFO lie dormant until some unsuspecting
 soul connects and CWD's :)
 
 Of course, then there's the issue of a race condition between a stat()
 and the actual opening.. this might be resolved with a fstat(fileno(fp))
 right after the fopen(), before the first read from the file.
 
 Or should FIFO's be considered an issue at all?  I believe yes, since
 something similar has been done to inetd recently..
 
 G'luck,
 Peter
 
 -- 
 Nostalgia ain't what it used to be.

From: Bernd Luevelsmeyer <bdluevel@heitec.net>
To: Peter Pentchev <roam@orbitel.bg>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/25598: patch to let ftpd output message when changing directory
Date: Fri, 09 Mar 2001 09:10:14 +0100

 Peter Pentchev wrote:
 > 
 > On Thu, Mar 08, 2001 at 03:08:58AM +0100, bdluevel@heitec.net wrote:
 [...]
 > > >Description:
 > > The patch lets the FTP daemon (after a successful 'cwd' command)
 > > look for a file '.message' in the current directory and, if
 > > readable, send the contents to the client, preceding the
 > > "250 CWD successful." message. The intent is to let
 > > the FTP site admin announce directory descriptions, copyright
 > > notices or the like.
 > [snip the patch itself]
 > 
 > Hmm I wonder if this should not stat() the file beforehand, to make
 > sure it's a regular file; otherwise, problems might arise with a local
 > user creating a FIFO or something, and then pointing a couple of clients
 > there.. or just letting the FIFO lie dormant until some unsuspecting
 > soul connects and CWD's :)
 
 You are right, of course. Thanks for wording it so politely :-)
 There's also the issue of uploads, e.g. in public upload directories;
 someone might create a directory (or find one without a .message) and
 put a megabyte of whatever there, called '.message' .
 
 
 > Of course, then there's the issue of a race condition between a stat()
 > and the actual opening.. this might be resolved with a fstat(fileno(fp))
 > right after the fopen(), before the first read from the file.
 
 I think that's the way to go. To care for unwanted 3rd-party-.messages,
 one might perhaps check that it's owned by root, or owned by the
 directory owner? Not world-writeable? And limit the output to max. 20
 lines of max. 50 characters each, filtered to printable ASCII (checked
 with isprint())?
 
 
 > Or should FIFO's be considered an issue at all?  I believe yes, since
 > something similar has been done to inetd recently..
 
 It is certainly an issue. I'm afraid I didn't consider this topic at
 all. I'll implement the fstat() and a size limitation and/or other
 sanity checks, and re-submit the patch.
 
 I suggest that this ill-conceived PR should be closed.

From: Peter Pentchev <roam@orbitel.bg>
To: Bernd Luevelsmeyer <bdluevel@heitec.net>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/25598: patch to let ftpd output message when changing directory
Date: Fri, 9 Mar 2001 11:42:49 +0200

 On Fri, Mar 09, 2001 at 09:10:14AM +0100, Bernd Luevelsmeyer wrote:
 > Peter Pentchev wrote:
 > 
 > > Of course, then there's the issue of a race condition between a stat()
 > > and the actual opening.. this might be resolved with a fstat(fileno(fp))
 > > right after the fopen(), before the first read from the file.
 > 
 > I think that's the way to go. To care for unwanted 3rd-party-.messages,
 > one might perhaps check that it's owned by root, or owned by the
 > directory owner? Not world-writeable? And limit the output to max. 20
 > lines of max. 50 characters each, filtered to printable ASCII (checked
 > with isprint())?
 
 I think most of these checks are reasonable, esp. the owned-by-root-or-owner
 check (I think that would be the best way to go - allow root to drop .message
 files all over the place, and let owners put their own), which would also
 take care of the problem you mentioned earlier, .message files uploaded
 to public incoming directories.
 
 > > Or should FIFO's be considered an issue at all?  I believe yes, since
 > > something similar has been done to inetd recently..
 > 
 > It is certainly an issue. I'm afraid I didn't consider this topic at
 > all. I'll implement the fstat() and a size limitation and/or other
 > sanity checks, and re-submit the patch.
 > 
 > I suggest that this ill-conceived PR should be closed.
 
 Wouldn't it be better to leave this PR open, so you can post your patches
 as follow-ups?
 
 G'luck,
 Peter
 
 -- 
 I am the thought you are now thinking.

From: Bernd Luevelsmeyer <bdluevel@heitec.net>
To: Peter Pentchev <roam@orbitel.bg>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/25598: patch to let ftpd output message when changing directory
Date: Fri, 09 Mar 2001 14:31:24 +0100

 Peter Pentchev wrote:
 > 
 > On Fri, Mar 09, 2001 at 09:10:14AM +0100, Bernd Luevelsmeyer wrote:
 [...]
 > > I suggest that this ill-conceived PR should be closed.
 > 
 > Wouldn't it be better to leave this PR open, so you can post your patches
 > as follow-ups?
 
 If it's still open, I'll follow-up; if not I'll submit a new one and
 point to this PR in the description.
Responsible-Changed-From-To: freebsd-bugs->yar 
Responsible-Changed-By: kris 
Responsible-Changed-When: Sat Jul 12 18:24:07 PDT 2003 
Responsible-Changed-Why:  
Assign to ftpd maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=25598 
State-Changed-From-To: open->suspended 
State-Changed-By: yar 
State-Changed-When: Mon Jul 21 08:39:00 PDT 2003 
State-Changed-Why:  
We are going to have lukemftpd instead of BSD-ftpd in our 
tree in near future, so it's not a good time to introduce 
more divergence between the two ftpd variants by adding 
new features. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=25598 
State-Changed-From-To: suspended->closed 
State-Changed-By: eadler 
State-Changed-When: Tue Jul 10 03:30:45 UTC 2012 
State-Changed-Why:  
per yar@ 

http://www.freebsd.org/cgi/query-pr.cgi?pr=25598 
>Unformatted:
