[Nut-upsuser] ISE review of I-D: deprecate command VER?

Greg Troxel gdt at lexort.com
Sun Mar 20 22:41:05 GMT 2022


Manuel Wolfshant <wolfy at nobugconsulting.ro> writes:

> Connected to outlook-com.olc.protection.outlook.com..
> Escape character is '^]'.
> 220 VE1EUR03FT022.mail.protection.outlook.com Microsoft ESMTP MAIL
> Service ready at Sun, 20 Mar 2022 22:20:44 +0000
>
> |_ssl-date: 2022-03-20T22:22:21+00:00; 0s from scanner time.
> Service Info: Host: AM5EUR02FT049.mail.protection.outlook.com; OS:
> Windows; CPE: cpe:/o:microsoft:windows
>
> I am too lazy to check but I am willing to bet a beer that somewhere
> over there there is an Exchange server

Sure; these things leak.  The real horror of the web is that clients
send version and the server modifies behavior based on it.

>> In general, a fair question is "What if we deleted this?  If we wouldn't
>> have trouble, why are we keeping it?"
> Connected to dell30-5x.
>
> Escape character is '^]'.
> ver
> Network UPS Tools upsd 2.7.4 - http://www.networkupstools.org/
> quit
>
> I for one do not see much trouble in advertising the version of nut
> and its website. But I am also the person who used lighttpd for 15
> years and made it advertise itself as MS IIS and exim advertised as MS
> Exchange, just for the fun of seeing failed exploits in the logs

So how about saying that

  ver is optional, in that it can return some NULL type of string (empty
  line).

  clients may log ver or show to humans for debugging, but they MUST NOT
  change behavior based on it.


The point of a protocol is to speak the defined protocol, and if there
is really one protocol per but version, things are off the rails.  (I'm
not saying there is a problem, just that there's a line nobody should
cross and I completely understand where the reviewer is coming from.)
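
A client written to the rule proposed above, as an added example that is not part of the original message or NUT's own code: it treats the `VER` reply as untrusted, display-only text, accepts an empty line, and sends the same follow-up request whatever the banner says. The stand-in server, the helper names and the `LIST UPS` follow-up are assumptions made for illustration.

```python
import logging
import socket
import threading

log = logging.getLogger("nut-client")

def read_line(sock, limit=512):
    """Read one LF-terminated line, capped so a peer cannot send unbounded data."""
    buf = bytearray()
    while len(buf) < limit:
        ch = sock.recv(1)
        if not ch or ch == b"\n":
            break
        buf += ch
    return buf.decode("ascii", errors="replace").rstrip("\r")

def query_ver(sock):
    """Send VER; return the banner for logging/display only, or None if withheld."""
    sock.sendall(b"VER\n")
    # The banner is untrusted input: drop control characters before logging it.
    banner = "".join(c for c in read_line(sock) if c.isprintable())
    if not banner:
        log.info("server did not disclose a version")
        return None
    log.info("server banner (informational only): %s", banner)
    return banner

def fake_upsd(sock, banner, seen):
    """Constructed stand-in server: records each request, answers VER with `banner`."""
    while True:
        req = read_line(sock)
        if not req:
            return
        seen.append(req)
        reply = banner if req == "VER" else "BEGIN LIST UPS\nEND LIST UPS"
        sock.sendall(reply.encode("ascii") + b"\n")

def session(banner):
    """Run VER then LIST UPS against the stand-in; return (banner, requests sent)."""
    client, server = socket.socketpair()
    seen = []
    t = threading.Thread(target=fake_upsd, args=(server, banner, seen))
    t.start()
    try:
        shown = query_ver(client)
        client.sendall(b"LIST UPS\n")  # same request whatever VER returned
        read_line(client), read_line(client)
    finally:
        client.close()
        t.join()
        server.close()
    return shown, seen
```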
