LISTSERV - HP3000-L Archives

HP3000-L Archives

April 2001, Week 2

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L April 2001, Week 2

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: FTP and Glob
From:	Mark Bixby <[log in to unmask]>
Reply To:	Mark Bixby <[log in to unmask]>
Date:	Tue, 10 Apr 2001 11:28:12 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (64 lines)

Hi HP3000-L,

There is a glob() in the POSIX libc
(http://docs.hp.com/mpeix/onlinedocs/36430-90007/00/00/65-con.html).

But AFAIK, and I have never looked at the source code, the MPE FTP server is
using :LISTFILE to expand fileset wildcards.  So glob() is probably not being
used by the FTP server.

I have never looked at the glob() source code either, but I suspect it may have
a different origin than Linux glob().

- Mark B. (haven't read the CERT advisory yet, probably should do that)

"HOFMEISTER,JAMES (HP-USA,ex1)" wrote:
>
> Hello Folks,
>
> Re: FTP and Glob
>
> --------------------------------------------------Tracy Johnson writes--
> I seem to recall that using wildcards in FTP was a discussion item in
> the past here.  I noticed the latest from the CERT advisory today:
>
> "  A variety of FTP servers incorrectly manage buffers in a way that
>    can lead to remote intruders executing arbitrary code on the FTP
>    server.  The incorrect management of buffers is centered around the
>    return from the glob() function, and may be confused with a related
>    denial-of-service problem. These problems were discovered by the
>    COVERT Labs at PGP Security."  My only wonder is, is an HPe3000
>    problem also?
> --------------------------------------------------Tracy Johnson writes--
>
> Nop, my understanding is glob() is a function of the Streams protocol
> stack and FTP/iX on the HP e3000 does not run over the Streams protocol
> stack.
>
> FTP/iX on the HP e3000 runs on the TCP/IP protocol stack executing BSD
> socket calls.  TCP/IP and the NETIPC & BSD sockets on the HP e3000 talk
> to a "proprietary" buffer manager unique to MPE.
>
> Regards,
>
>      _/       James Hofmeister  WCSO SSD - WW Network Tech Expert Center
>     _/              Mail        2124 Barrett Park Drive Suite B. M/S F2
>    _/_/_/  _/_/_/               Kennesaw, GA   30144   U.S.A.
>   _/  _/  _/  _/    Phone/Fax   Telnet (770) 795-6426  /  (770) 795-5707
>  _/  _/  _/_/_/     E-Mail      [log in to unmask]
>        _/           Web         http://wtec.cup.hp.com/~netmpe/
>                     VRC Chat    musketeer_mpenet
>
> Joined EC_NET_MPE Musketeer ?
> check out  http://wtec.cup.hp.com/~netmpe/documents/musketeer.htm
>
> * To join/leave the list, search archives, change list settings, etc *
> *     please visit http://raven.utc.edu/archives/hp3000-l.html       *

--
[log in to unmask]
Remainder of .sig suppressed to conserve scarce California electrons...

* To join/leave the list, search archives, change list settings, etc *
*     please visit http://raven.utc.edu/archives/hp3000-l.html       *

ATOM RSS1 RSS2

RAVEN.UTC.EDU