Subject: bin/12773: lukemftpd-1.0 active mode broken?
To: None <gnats-bugs@gnats.netbsd.org>
From: None <rmg@mit.edu>
List: netbsd-bugs
Date: 04/27/2001 23:27:48
>Number:         12773
>Category:       bin
>Synopsis:       lukemftpd-1.0 active mode broken?
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Apr 27 23:28:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Robby Griffin
>Release:        1.4.2
>Organization:
>Environment:
NetBSD abelson 1.4.2 NetBSD 1.4.2 (GENERIC) #1: Tue Apr 11 20:27:20 EDT 2000     root@khwarizmi:/usr/src/sys/arch/i386/compile/GENERIC i386

>Description:
On the advice of NetBSD security advisory SA2001-005, I built
lukemftpd-1.0 from pkgsrc and began using it instead of the
NetBSD 1.4.2 /usr/libexec/ftpd. This change seems to have
rendered the ftp server mostly unusable in active mode (and
yes, there still exist active-mode clients such that this annoys
people).

checkportcmd is on in /etc/ftpd.conf, as is strongly recommended, and
the previous ftpd did not reject PORT commands in this situation
(strange how the first one succeeds and the second one half-succeeds):

ftp -d localhost
Connected to localhost.
220-
220 localhost FTP server (lukemftpd 1.0) ready.
Name (localhost:root): ftp
---> USER ftp
331 Guest login ok, type your name as password.
Password:
---> PASS XXXX
230 Guest login ok, access restrictions apply.
---> SYST
215 UNIX Type: L8 Version: lukemftpd 1.0
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd etc
---> CWD etc
250 CWD command successful.
ftp> passive
Passive mode off.
ftp> ls
---> PORT 127,0,0,1,231,72
200 PORT command successful.
---> NLST
150 Opening ASCII mode data connection for 'file list'.
passwd
group
pwd.db
226 Transfer complete.
ftp> ls
---> PORT 127,0,0,1,231,71
500 Illegal PORT command rejected
---> NLST
150 Opening ASCII mode data connection for 'file list'.
passwd
group
pwd.db
226 Transfer complete.
ftp> ls
---> PORT 127,0,0,1,231,70
500 Illegal PORT command rejected
ftp>

>How-To-Repeat:
Get recent pkgsrc and install net/lukemftpd on NetBSD 1.4.2.
Set up anon ftp and try the above sequence of commands.

>Fix:
Nope, sorry.
>Release-Note:
>Audit-Trail:
>Unformatted:
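
Added example, not part of the original report and not lukemftpd's own code: a stand-alone sketch of the check that ftpd.conf(5) documents for checkportcmd (the PORT address must match the control connection's peer and the port must not be below IPPORT_RESERVED), run over the three PORT arguments from the session above. The function names and the 1024 constant are assumptions of this sketch; under the documented rule all three arguments are acceptable.

```c
#include <stdint.h>
#include <stdio.h>

#define RESERVED_PORT_LIMIT 1024 /* value of IPPORT_RESERVED */

/* Parse "h1,h2,h3,h4,p1,p2" (decimal octets); 0 on success, -1 if malformed. */
static int parse_port_arg(const char *s, uint32_t *addr, uint16_t *port)
{
    unsigned v[6];
    for (int i = 0; i < 6; i++) {
        unsigned n = 0, digits = 0;
        while (*s >= '0' && *s <= '9' && digits < 3) {
            n = n * 10 + (unsigned)(*s++ - '0');
            digits++;
        }
        if (digits == 0 || n > 255)
            return -1;
        if (*s++ != (i < 5 ? ',' : '\0'))
            return -1;
        v[i] = n;
    }
    *addr = ((uint32_t)v[0] << 24) | (v[1] << 16) | (v[2] << 8) | v[3];
    *port = (uint16_t)((v[4] << 8) | v[5]);
    return 0;
}

/* 1 = accept, 0 = reject. ctrl_peer is the control connection's peer address. */
static int port_arg_allowed(const char *arg, uint32_t ctrl_peer)
{
    uint32_t addr;
    uint16_t port;
    if (parse_port_arg(arg, &addr, &port) != 0)
        return 0;                       /* malformed argument */
    if (addr != ctrl_peer)
        return 0;                       /* data address differs from control peer */
    return port >= RESERVED_PORT_LIMIT; /* refuse reserved ports */
}

int main(void)
{
    /* The three PORT arguments from the session in the report. */
    const char *args[] = { "127,0,0,1,231,72", "127,0,0,1,231,71", "127,0,0,1,231,70" };
    for (int i = 0; i < 3; i++)
        printf("PORT %s -> %s\n", args[i],
               port_arg_allowed(args[i], 0x7f000001u) ? "accept" : "reject");
    return 0;
}
```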