Bug#613003: Major regressions in proftpd-basic: DisplayReadme, DirFakeUser, DirFakeGroup, DirFakeMode, HideUser, HideGroup, HideNoAccess do not work

John Zaitseff J.Zaitseff at zap.org.au
Thu Feb 24 20:04:34 UTC 2011


Hi, Francesco,

Thanks for your reply!

On Thu, Feb 24, 2011 at 02:43:16PM +0100, Francesco P. Lovergine wrote:
> On Tue, Feb 22, 2011 at 06:31:21PM +1100, John Zaitseff wrote:
> > As mentioned in previous e-mails, I have been investigating the
> > problems of DisplayReadme, DirFakeUser, DirFakeGroup,
> > DirFakeMode, HideUser, HideGroup and HideNoAccess not working in
> > the ProFTPD package, versions 1.3.3a-6 and 1.3.3d-3.
> >
> > [...]
>
> John, many thanks for your deep investigation.  So, apparently we
> have still a few open regressions, which I'm afraid could be fixed
> only by a successive backport from testing in squeeze.  You know,
> stable upgrade policy is quite restrictive in Debian about non
> critical or security bugs.

Yes, I'm very aware that the stable upgrade policy is (for good
reasons) very restrictive.  However, it seems to me that you could
make a good case for such a backport because of the DisplayReadme
directive: this breaks the FTP protocol itself in a major way.  The
HideNoAccess directive could also be argued to be security-related:
this being broken allows access to files and directories the
administrator specifically did not want FTP users to access.

With regards to the DisplayReadme directive, you can note from
ProFTPD bug #3605 (http://bugs.proftpd.org/show_bug.cgi?id=3605)
that TJ Saunders has developed a couple of patches that solve this
problem.  I can confirm that these patches work as advertised: I
have compiled the CVS HEAD version and tried it out.

Similarly, TJ solved the relatively minor problems with DirFakeUser,
DirFakeGroup and DirFakeMode, as documented in ProFTPD bug #3604
(http://bugs.proftpd.org/show_bug.cgi?id=3604).  I have also tested
these changes: they work.

Whether you take these patches directly, or wait until 1.3.4 is
released (with these patches, I hope!), is your call.  Thanks in
advance for helping solve these problems!

Yours truly,

John Zaitseff

-- 
John Zaitseff                    ,--_|\    The ZAP Group
Phone:  +61 2 9643 7737         /      \   Sydney, Australia
E-mail: J.Zaitseff at zap.org.au   \_,--._*   http://www.zap.org.au/
                                      v




