Subject: Re: ftp(1) security hole, and suggested fixes
To: None <lm@rmit.edu.au>
From: David Holland <dholland@eecs.harvard.edu>
List: tech-security
Date: 08/17/1997 13:01:13

 > Recently someone noted on BUGTRAQ that ftp(1) has two security
 > problems:
 > 
 > Problem:
 >     a remote ftp server can create unwanted files by returning a list of
 >     filenames to mget that aren't what the client asked for. 
 > 
 > Suggested fix:
 >     check the returned filenames against the local glob rules, and
 >     discard those that don't match (e.g., "../.forward" doesn't match
 >     "foo*"). this could be configurable with an option, and default
 >     to "do the check".
 >     I haven't done this yet, as I'm awaiting feedback on the idea.

This will break if nmap or ntrans are in use. Or it may. 

Also it would break if the remote machine uses different globbing and
the user wishes to use that globbing. (E.g., if I'm connected to an
AmigaOS ftp server and I do "mget #?" I'd expect it to send back all
files, not those with two-character filenames beginning with '#'.)

If such usage is officially prohibited by the ftp protocol, never
mind... 

-- 
   - David A. Holland             |    VINO project home page:
     dholland@eecs.harvard.edu    | http://www.eecs.harvard.edu/vino
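
The check proposed in the quoted text, together with the objection raised in the reply, as an added example that is not part of the original message and is not code from ftp(1). The names `mget_name_ok`, `escapes_cwd` and `check_glob` are hypothetical, POSIX fnmatch(3) stands in for "the local glob rules", and the unconditional refusal of absolute names and ".." components goes beyond what the message proposes; nmap/ntrans mapping is not modelled.

```c
#include <fnmatch.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: true if a server-supplied name is absolute or
 * contains a ".." path component (e.g. "../.forward"). */
static bool escapes_cwd(const char *name)
{
    if (name[0] == '/')
        return true;
    for (const char *p = name; *p != '\0'; ) {
        size_t len = strcspn(p, "/");      /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return true;
        p += len;
        if (*p == '/')
            p++;
    }
    return false;
}

/* Decide whether mget should keep a name the server returned for `pattern`.
 * check_glob is the configurable option from the proposal (default: on). */
bool mget_name_ok(const char *pattern, const char *name, bool check_glob)
{
    /* Assumption added here: always refuse names that leave the cwd. */
    if (name[0] == '\0' || escapes_cwd(name))
        return false;
    if (!check_glob)
        return true;    /* user wants the remote server's globbing */
    return fnmatch(pattern, name, FNM_PATHNAME | FNM_PERIOD) == 0;
}

int main(void)
{
    /* Constructed sample names, as a server might return them. */
    printf("foo* vs ../.forward (check on):  %d\n",
           mget_name_ok("foo*", "../.forward", true));
    printf("#?   vs readme.txt  (check on):  %d\n",
           mget_name_ok("#?", "readme.txt", true));
    printf("#?   vs readme.txt  (check off): %d\n",
           mget_name_ok("#?", "readme.txt", false));
    return 0;
}
```

With the check on, the AmigaOS-style pattern "#?" is read under local rules and "readme.txt" is dropped, which is the breakage the reply describes; turning the option off keeps it while "../.forward" is still refused.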