>Number:         13541
>Category:       bin
>Synopsis:       ftpd unable to "LIST" filenames that begin with hyphen
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jul 23 09:42:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Ed Ravin
>Release:        1.5
>Organization:
Panix
>Environment:
NetBSD panix1.panix.com 1.5.1 NetBSD 1.5.1 (PANIX-USER) #0: Mon Jun 25 21:35:49 EDT 2001 ro
ot@byzantium.nyc.access.net:/devel/netbsd/release-1.5/src/sys/arch/i386/compile/PANIX-USER i386
>Description:
If a filename in the current directory begins with "-" (hyphen), the
LIST command will not be able to show it, because /bin/ls sees the
filename as an option specification.
>How-To-Repeat:
create a file named "-" in a directory accessible by FTP
log in with the FTP client and chdir to that directory
"dir -" will return nothing, "nlist -" will show the file exists

>Fix:
in ftpcmds.[cy] and cmds.c, suggest that you change options to ls
from "-lgA" to "-lgA --"

Might need to make this configurable if some versions of "ls" don't
support the "--" escape.

Hmmm, this bug might have security implications if anyone ever added
options to "ls" that made it read or write to filenames or pipes, which
is another good reason to use the "--" to cancel all further option
processing.

The "--" feature works for NetBSD ls and rm, but does not seem to
be documented (man pages I checked were dated 1998).
>Release-Note:
>Audit-Trail:
>Unformatted: