From jez@chagford.netcraft.com  Fri Feb 28 07:32:53 2003
Return-Path: <jez@chagford.netcraft.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6594037B401
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 28 Feb 2003 07:32:53 -0800 (PST)
Received: from chagford.netcraft.com (chagford.netcraft.com [195.92.95.48])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8BE6843FB1
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 28 Feb 2003 07:32:52 -0800 (PST)
	(envelope-from jez@chagford.netcraft.com)
Received: from chagford.netcraft.com (localhost [127.0.0.1])
	by chagford.netcraft.com (8.12.6/8.12.6) with ESMTP id h1SFWlkc005573
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 28 Feb 2003 15:32:47 GMT
	(envelope-from jez@chagford.netcraft.com)
Received: (from jez@localhost)
	by chagford.netcraft.com (8.12.6/8.12.6/Submit) id h1SFWj8A005539;
	Fri, 28 Feb 2003 15:32:46 GMT
Message-Id: <200302281532.h1SFWj8A005539@chagford.netcraft.com>
Date: Fri, 28 Feb 2003 15:32:46 GMT
From: Jeremy Prior <jez@chagford.netcraft.com>
Reply-To: Jeremy Prior <jez@chagford.netcraft.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: No way to disable directory listings in ftpd
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         48784
>Category:       bin
>Synopsis:       No way to disable directory listings in ftpd
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    yar
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 28 07:40:07 PST 2003
>Closed-Date:    Tue Mar 02 10:43:14 PST 2004
>Last-Modified:  Tue Mar 02 10:43:14 PST 2004
>Originator:     Jeremy Prior
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
Netcraft Ltd
>Environment:
System: FreeBSD chagford.netcraft.com 4.7-STABLE FreeBSD 4.7-STABLE #1: Fri Jan 17 21:34:17 GMT 2003 root@chagford.netcraft.com:/usr/obj/usr/src/sys/CHAGFORD i386


	
>Description:
	We need to run a customer-facing ftpd that doesn't allow
	directory listings.  The base system's one can be made to
	prevent this if the right bits are lopped-out. :-)

>How-To-Repeat:
	Connect to ftpd and type `dir'

>Fix:

	Patch follows:

--- ftpd.diff begins here ---
Index: Makefile
===================================================================
RCS file: /usr/cvs/src/libexec/ftpd/Makefile,v
retrieving revision 1.33.2.6
diff -u -r1.33.2.6 Makefile
--- Makefile	11 Feb 2003 14:28:28 -0000	1.33.2.6
+++ Makefile	28 Feb 2003 13:51:32 -0000
@@ -12,10 +12,14 @@
 LDADD=	-lskey -lmd -lcrypt -lutil
 DPADD=	${LIBSKEY} ${LIBMD} ${LIBCRYPT} ${LIBUTIL}
 
+.if defined(NO_LISTINGS)
+CFLAGS+=-DNO_LISTINGS
+.else
 LSDIR=	../../bin/ls
 .PATH:	${.CURDIR}/${LSDIR}
 SRCS+=	ls.c cmp.c print.c util.c
 CFLAGS+=-Dmain=ls_main -I${.CURDIR}/${LSDIR}
+.endif
 
 DPADD+=	${LIBM}
 LDADD+=	-lm
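Review bot: NO_LISTINGS is introduced in the `.if defined(NO_LISTINGS)` block with no documentation; nothing in this patch touches a manual page or mentions the knob outside the Makefile, so an administrator has no way to discover it. Please document it where the build knobs are described, and confirm that the `DPADD+= ${LIBM}` / `LDADD+= -lm` lines left after `.endif` are still needed when the ls sources are not compiled in.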
Index: ftpcmd.y
===================================================================
RCS file: /usr/cvs/src/libexec/ftpd/ftpcmd.y,v
retrieving revision 1.16.2.19
diff -u -r1.16.2.19 ftpcmd.y
--- ftpcmd.y	11 Feb 2003 14:28:28 -0000	1.16.2.19
+++ ftpcmd.y	28 Feb 2003 14:01:34 -0000
@@ -475,25 +475,33 @@
 		}
 	| NLST check_login CRLF
 		{
+#ifndef NO_LISTINGS
 			if ($2)
 				send_file_list(".");
+#endif
 		}
 	| NLST check_login SP pathstring CRLF
 		{
+#ifndef NO_LISTINGS
 			if ($2)
 				send_file_list($4);
 			free($4);
+#endif
 		}
 	| LIST check_login CRLF
 		{
+#ifndef NO_LISTINGS
 			if ($2)
 				retrieve(_PATH_LS " -lgA", "");
+#endif
 		}
 	| LIST check_login SP pathstring CRLF
 		{
+#ifndef NO_LISTINGS
 			if ($2)
 				retrieve(_PATH_LS " -lgA %s", $4);
 			free($4);
+#endif
 		}
 	| STAT check_login SP pathname CRLF
 		{
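Review bot: in both `pathstring` rules `free($4)` now sits inside `#ifndef NO_LISTINGS`, so with the option defined the action is empty: the string is never freed and the rule sends nothing back to the client. Keep `free($4)` outside the guard and have the NO_LISTINGS branch send an explicit negative reply (502, command not implemented, would fit), so the behaviour does not depend on the command-table change further down making these rules unreachable.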
@@ -1127,8 +1135,10 @@
 	{ "DELE", DELE, STR1, 1,	"<sp> file-name" },
 	{ "CWD",  CWD,  OSTR, 1,	"[ <sp> directory-name ]" },
 	{ "XCWD", CWD,	OSTR, 1,	"[ <sp> directory-name ]" },
+#ifndef NO_LISTINGS
 	{ "LIST", LIST, OSTR, 1,	"[ <sp> path-name ]" },
 	{ "NLST", NLST, OSTR, 1,	"[ <sp> path-name ]" },
+#endif
 	{ "SITE", SITE, SITECMD, 1,	"site-cmd [ <sp> arguments ]" },
 	{ "SYST", SYST, ARGS, 1,	"(get type of operating system)" },
 	{ "STAT", STAT, OSTR, 1,	"[ <sp> path-name ]" },
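Review bot: only the LIST and NLST entries are guarded here, while `STAT` with `[ <sp> path-name ]` stays in the table directly below, and its grammar rule (`STAT check_login SP pathname CRLF`) is not touched anywhere in the patch. If that path can return directory contents, the option does not do what its name says; please check it and guard or restrict it under NO_LISTINGS as well.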
Index: ftpd.c
===================================================================
RCS file: /usr/cvs/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.62.2.48
diff -u -r1.62.2.48 ftpd.c
--- ftpd.c	14 Feb 2003 12:42:42 -0000	1.62.2.48
+++ ftpd.c	28 Feb 2003 13:51:34 -0000
@@ -2970,6 +2970,7 @@
 send_file_list(whichf)
 	char *whichf;
 {
+#ifndef NO_LISTINGS
 	struct stat st;
 	DIR *dirp = NULL;
 	struct dirent *dir;
@@ -3100,6 +3101,7 @@
 		freeglob = 0;
 		globfree(&gl);
 	}
+#endif
 }
 
 void
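Review bot: the `#ifndef NO_LISTINGS` opened right after the `{` of send_file_list() and closed here just before its `}` leaves an empty function that ignores `whichf` and returns silently, so a caller that still reaches it produces no reply from this function. Either compile the function out together with its callers, or have the NO_LISTINGS variant send a negative reply before returning.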
Index: popen.c
===================================================================
RCS file: /usr/cvs/src/libexec/ftpd/popen.c,v
retrieving revision 1.18.2.3
diff -u -r1.18.2.3 popen.c
--- popen.c	9 Aug 2001 00:53:18 -0000	1.18.2.3
+++ popen.c	11 Aug 2001 08:09:21 -0000
@@ -143,6 +143,7 @@
 			}
 			(void)close(pdes[1]);
 		}
+#ifndef NO_LISTINGS
 		if (strcmp(gargv[0], _PATH_LS) == 0) {
 			/* Reset getopt for ls_main() */
 			optreset = optind = optopt = 1;
@@ -157,6 +158,7 @@
 			}
 			exit(ls_main(gargc, gargv));
 		}
+#endif
 		execv(gargv[0], gargv);
 		_exit(1);
 	}
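Review bot: with the `strcmp(gargv[0], _PATH_LS)` branch compiled out, a request for _PATH_LS no longer ends at `exit(ls_main(gargc, gargv))` but falls through to `execv(gargv[0], gargv)`, so an ls binary present at that path would still be executed. Under NO_LISTINGS, refuse that case explicitly (for example `_exit(1)` when gargv[0] is _PATH_LS) rather than relying on the binary being absent.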
--- ftpd.diff ends here ---


>Release-Note:
>Audit-Trail:

From: Yar Tikhiy <yar@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, jez@chagford.netcraft.com
Cc:  
Subject: Re: bin/48784: No way to disable directory listings in ftpd
Date: Thu, 20 Mar 2003 20:07:34 +0300

 Hi Jeremy,
 
 Thanks for your bug report, but have you considered removing
 "r" bits from a directory's permissions in order to prohibit
 listing the directory?
 
 Our stock ftpd(8) is intended to be small and simple, so it
 usually has no functionality that can be achieved by a way
 common for the Unix environment.
 
 -- 
 Yar

From: Jeremy Prior <jez@chagford.netcraft.com>
To: Yar Tikhiy <yar@FreeBSD.org>
Cc:  
Subject: Re: bin/48784: No way to disable directory listings in ftpd
Date: 20 Mar 2003 20:39:03 +0000

 On Thu, 2003-03-20 at 17:07, Yar Tikhiy wrote:
 > Thanks for your bug report, but have you considered removing
 > "r" bits from a directory's permissions in order to prohibit
 > listing the directory?
 
 I considered it, but discounted it for three reasons:
 
      1. The ftpd shares its directory tree with a webserver.  (The idea
         is that the users can access the same content either by ftp://
         or http://);
      2. I can't trust people adding content to the site to remember to
         do this; and
      3. One patch fixes both of these problems
 
 (I know allowing access to data via http and ftp isn't recommended, but
 this is an intranet site that is only used by a limited set of users -
 turning off directory listings is just to prevent people from
 `nosing-around' :-)
 
 > Our stock ftpd(8) is intended to be small and simple, so it
 > usually has no functionality that can be achieved by a way
 > common for the Unix environment.
 
 I understand that disabling directory listings doesn't increase security
 by much (if at all), but it solves the problem in our case.  We've been
 running with it for over a year without a problem, so I thought I'd
 offer it to a wider audience.
 
 Thanks for considering it anyway,
 jez
 -- 
 Jeremy Prior <jez@chagford.netcraft.com>

From: Yar Tikhiy <yar@FreeBSD.org>
To: Jeremy Prior <jez@chagford.netcraft.com>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/48784: No way to disable directory listings in ftpd
Date: Tue, 25 Mar 2003 16:53:40 +0300

 Hi Jeremy,
 
 First of all, I beg you to keep ``freebsd-gnats-submit@FreeBSD.org''
 in Cc: when replying to a mail on a problem report.  That is how
 PR-related mailing is tracked and archived for reference.
 I've resent your mail to the tracking system's address.
 
 On Thu, Mar 20, 2003 at 08:39:03PM +0000, Jeremy Prior wrote:
 > On Thu, 2003-03-20 at 17:07, Yar Tikhiy wrote:
 > > Thanks for your bug report, but have you considered removing
 > > "r" bits from a directory's permissions in order to prohibit
 > > listing the directory?
 > 
 > I considered it, but discounted it for three reasons:
 > 
 >      1. The ftpd shares its directory tree with a webserver.  (The idea
 >         is that the users can access the same content either by ftp://
 >         or http://);
 >      2. I can't trust people adding content to the site to remember to
 >         do this; and
 >      3. One patch fixes both of these problems
 > 
 > (I know allowing access to data via http and ftp isn't recommended, but
 > this is an intranet site that is only used by a limited set of users -
 > turning off directory listings is just to prevent people from
 > `nosing-around' :-)
 > 
 > > Our stock ftpd(8) is intended to be small and simple, so it
 > > usually has no functionality that can be achieved by a way
 > > common for the Unix environment.
 > 
 > I understand that disabling directory listings doesn't increase security
 > by much (if at all), but it solves the problem in our case.  We've been
 > running with it for over a year without a problem, so I thought I'd
 > offer it to a wider audience.
 
 Would you mind converting this option from build-time to run-time?
 It would become handier then.
 
 -- 
 Yar

From: Peter Pentchev <roam@ringlet.net>
To: Jeremy Prior <jez@chagford.netcraft.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/48784: No way to disable directory listings in ftpd
Date: Tue, 25 Mar 2003 17:12:48 +0200

 On Tue, Mar 25, 2003 at 05:30:17AM -0800, Jeremy Prior wrote:
 >  On Thu, 2003-03-20 at 17:07, Yar Tikhiy wrote:
 >  > Thanks for your bug report, but have you considered removing
 >  > "r" bits from a directory's permissions in order to prohibit
 >  > listing the directory?
 >  
 >  I considered it, but discounted it for three reasons:
 >  
 >       1. The ftpd shares its directory tree with a webserver.  (The idea
 >          is that the users can access the same content either by ftp://
 >          or http://);
 
 How will turning off the 'r' bit harm HTTP functionality, except for
 disallowing directory listings?  Or do you *want* to allow directory
 listings via HTTP, but not FTP? :)
 
 >       2. I can't trust people adding content to the site to remember to
 >          do this; and
 
 A matter of policy, I think.. or it could be automated.
 
 >       3. One patch fixes both of these problems
 
 I tend to agree with Yar here that while this patch may seem useful,
 it is not, strictly speaking, needed - its functionality can indeed
 be achieved by other means (turning off read permission).
 
 G'luck,
 Peter
 
 -- 
 Peter Pentchev	roam@ringlet.net    roam@sbnd.net    roam@FreeBSD.org
 PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
 Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
 The rest of this sentence is written in Thailand, on
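
Added example, not part of the PR or of any reply in it: one way to automate the read-bit approach suggested in the replies above, with a check that reports directories that are still listable. It assumes the FTP and web daemons reach the tree through the group or other permission class rather than as its owner; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR). Assumption: the FTP and web daemons
# access the tree via the group/other permission bits, not as owner.

# Print every directory under $1 that group or other can still list.
listable_dirs() {
    find "$1" -type d \( -perm -040 -o -perm -004 \) -print
}

# Remove the read (list) bit for group/other on directories only.
# The search (x) bit and all file modes are left untouched, so a
# client that already knows a file's name can still fetch it.
lock_listings() {
    find "$1" -type d \( -perm -040 -o -perm -004 \) \
        -exec chmod go-r {} +
}

# Constructed sample tree standing in for the shared ftp/http root.
# Echoes: <listable before> <listable after> <dir mode> <file mode>
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/pub/docs" "$root/pub/images"
    echo "report" > "$root/pub/docs/q1.txt"
    chmod 755 "$root" "$root/pub" "$root/pub/docs" "$root/pub/images"
    chmod 644 "$root/pub/docs/q1.txt"

    before=$(listable_dirs "$root" | wc -l | tr -d ' ')
    lock_listings "$root"
    after=$(listable_dirs "$root" | wc -l | tr -d ' ')

    dmode=$(ls -ld "$root/pub/docs" | cut -c1-10)
    fmode=$(ls -l "$root/pub/docs/q1.txt" | cut -c1-10)
    rm -rf "$root"
    echo "$before $after $dmode $fmode"
}

demo
```

Running `listable_dirs` from cron against the real root reports any directory that new content has left listable, which addresses the concern about contributors forgetting the step.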
Responsible-Changed-From-To: freebsd-bugs->yar 
Responsible-Changed-By: kris 
Responsible-Changed-When: Sat Jul 12 18:22:35 PDT 2003 
Responsible-Changed-Why:  
Assign to ftpd maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=48784 
State-Changed-From-To: open->closed 
State-Changed-By: yar 
State-Changed-When: Tue Mar 2 10:36:26 PST 2004 
State-Changed-Why:  
This PR proposed a feature that was hardly needed. 
In addition, there were no more opinions on the issue 
in slightly less than a year. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=48784 
>Unformatted:
