Bugtraq mailing list archives
Re: SunOS 4.1.4 ftp serious bug
From: jzbiciak () DALDD SC TI COM (Joe Zbiciak)
Date: Mon, 16 Jun 1997 11:54:57 -0500
'Homer W. Smith' said previously:
|
| This may be old hat, but it has bitten me again recently and
| I am surprised this bug is allowed to live.
|
| Running SunOS 4.1.4
|
| ftp from SunOS machine A to any other machine B.
|
| cd remote directory
|
| lcd to any random directory NOT the directory that contains
| the file you wish to upload.
|
| put /absolute/path/to/file
|
| This will *ERASE* the file on machine A!
|

I don't believe this is a bug. The only situation I can devise in which
the file will get truncated is when "/absolute/path/to/file" is shared
by both machines in question. And, this will happen with any of the
classic text-based ftp clients out there. (Note: I don't know if ncftp
would behave the same.)

A "put" or "get" with just a full path will use that same full path for
both source and destination sides, regardless of the current directory.
This isn't a bug, but a feature.

If that directory happens to be shared on both hosts (such as an NFS
mounted home area), then you stand a chance of truncating the file
before you've sent it.

In any case, what does this have to do with security?

Regards,
--Joe

PS. If my conjecture above about the situation which causes this is
incorrect, I'll happily accept more details (like a typescript of
a session which illustrates this behavior). Thanks!

--
+--------------Joseph Zbiciak--------------+
|- - - - jzbiciak () daldd sc ti com - - - - -|
| - - http://www.primenet.com/~im14u2c - - | Not your average "Joe."
|- - - - Texas Instruments, Dallas - - - -|
+-------#include <std_disclaimer.h>--------+
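
The scenario described in the reply above, as an added example that is not part of the original post: a local model of a one-argument "put" when source and destination resolve to the same file. It assumes a temporary directory stands in for the NFS-shared path and that the receiving side opens the destination with truncation before the sender has read any data; all function names are hypothetical.

```python
import os
import tempfile


def default_remote_name(local_path, remote_path=None):
    """One-argument 'put': the local name is reused as the remote name."""
    return remote_path if remote_path is not None else local_path


def simulate_put(local_path, remote_path=None):
    """Model a 'put' where both hosts see the same filesystem.

    Returns the number of bytes that reach the destination.
    """
    dest = default_remote_name(local_path, remote_path)
    sent = 0
    with open(local_path, "rb") as src:      # sender opens the source
        with open(dest, "wb") as dst:        # receiver creates/truncates dest
            while chunk := src.read(8192):   # sender reads after truncation
                dst.write(chunk)
                sent += len(chunk)
    return sent


def same_file(local_path, dest_path):
    """Guard: True when both names are one existing file (device and inode).

    Assumption: usable only where one host can resolve both names.
    """
    try:
        return os.path.samefile(local_path, dest_path)
    except FileNotFoundError:
        return False


def demo():
    """Run the shared-path case and the explicit-remote-name case."""
    sample = b"constructed sample data\n" * 100   # constructed input
    with tempfile.TemporaryDirectory() as shared:
        path = os.path.join(shared, "file")
        with open(path, "wb") as f:
            f.write(sample)
        before = os.path.getsize(path)
        collides = same_file(path, default_remote_name(path))
        sent = simulate_put(path)                 # same path on both sides
        after_shared = os.path.getsize(path)
        with open(path, "wb") as f:               # restore, then name a copy
            f.write(sample)
        sent_ok = simulate_put(path, os.path.join(shared, "copy"))
        return before, collides, sent, after_shared, sent_ok


if __name__ == "__main__":
    print(demo())
```

Giving "put" an explicit second argument that names a different file, as in the last case, leaves the source intact.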
