Bug 16134
Summary: | Command line FTP clients should default to PASV transfers not PORT transfers | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Chris Evans <chris> |
Component: | ftp | Assignee: | Phil Knirsch <pknirsch> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | notting, pbrown, rvokal |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2000-08-17 08:27:38 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Chris Evans
2000-08-14 00:21:06 UTC
As of RFC1123 (Requirements for Internet Hosts -- Application and Support, October 1989) every FTP MUST implement the PASV command, and as pointed out, PORT is really not save. Therefore i've changed the default behaviour of the command line ftp client to be in passive mode and the -p option will still work, although won't do much anymore. The change is reflected in the usage and manpages as well. The version of ftp from /usr/kerberos/bin has now had its behavior changed as well. Guys, superb effort and turnaround time. One clarification to make It seems Netscape defaults to PORT not PASV. I think the "PASV default" is Mozilla. gFTP and NcFTP use PASV default as I said. Oh well. Netscape is netscape, and there isn't anything we can do about it. :( Actually.. it looks like even netscape defaults to PASV All the important FTP clients now default to PASV. This is very cool in combination with the new "high security" firewall option. |