Bug 16134 - Command line FTP clients should default to PASV transfers not PORT transfers
Summary: Command line FTP clients should default to PASV transfers not PORT transfers
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: ftp   
(Show other bugs)
Version: 7.0
Hardware: i386 Linux
Target Milestone: ---
Assignee: Phil Knirsch
QA Contact:
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2000-08-14 00:21 UTC by Chris Evans
Modified: 2015-03-05 01:08 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2000-08-17 08:27:38 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Chris Evans 2000-08-14 00:21:06 UTC
The subject says it all really.
Both /usr/bin/ftp and /usr/kerberos/bin/ftp are affected.
I guess I'd better explain why I'd like this changed ;-)
Check out http://cr.yp.to/ftp/security.html for a succint summary of the
relevant details.
NOTE that most other RedHat shipped FTP clients pick the better PASV
default. Some examples are: gFTP, Netscape, NcFTP

Comment 1 Phil Knirsch 2000-08-16 10:11:21 UTC
As of RFC1123 (Requirements for Internet Hosts -- Application and Support,
October 1989) every FTP MUST implement the PASV command, and as pointed out,
PORT is really not save.

Therefore i've changed the default behaviour of the command line ftp client to
be in passive mode and the -p option will still work, although won't do much

The change is reflected in the usage and manpages as well.

Comment 2 Nalin Dahyabhai 2000-08-16 19:54:53 UTC
The version of ftp from /usr/kerberos/bin has now had its behavior changed as

Comment 3 Chris Evans 2000-08-16 23:16:48 UTC
Guys, superb effort and turnaround time.
One clarification to make
It seems Netscape defaults to PORT not PASV.
I think the "PASV default" is Mozilla.
gFTP and NcFTP use PASV default as I said.

Comment 4 Bill Nottingham 2000-08-16 23:21:20 UTC
Oh well. Netscape is netscape, and there isn't anything we
can do about it. :(

Comment 5 Chris Evans 2001-02-08 15:22:52 UTC
Actually.. it looks like even netscape defaults to PASV

All the important FTP clients now default to PASV. This is
very cool in combination with the new "high security" firewall option.

Note You need to log in before you can comment on or make changes to this bug.