Hi HP3000-L,
There is a glob() in the POSIX libc
(http://docs.hp.com/mpeix/onlinedocs/36430-90007/00/00/65-con.html).
But AFAIK, and I have never looked at the source code, the MPE FTP server is
using :LISTFILE to expand fileset wildcards. So glob() is probably not being
used by the FTP server.
I have never looked at the glob() source code either, but I suspect it may have
a different origin than Linux glob().
- Mark B. (haven't read the CERT advisory yet, probably should do that)
"HOFMEISTER,JAMES (HP-USA,ex1)" wrote:
>
> Hello Folks,
>
> Re: FTP and Glob
>
> --------------------------------------------------Tracy Johnson writes--
> I seem to recall that using wildcards in FTP was a discussion item in
> the past here. I noticed the latest from the CERT advisory today:
>
> " A variety of FTP servers incorrectly manage buffers in a way that
> can lead to remote intruders executing arbitrary code on the FTP
> server. The incorrect management of buffers is centered around the
> return from the glob() function, and may be confused with a related
> denial-of-service problem. These problems were discovered by the
> COVERT Labs at PGP Security." My only wonder is, is an HPe3000
> problem also?
> --------------------------------------------------Tracy Johnson writes--
>
> Nop, my understanding is glob() is a function of the Streams protocol
> stack and FTP/iX on the HP e3000 does not run over the Streams protocol
> stack.
>
> FTP/iX on the HP e3000 runs on the TCP/IP protocol stack executing BSD
> socket calls. TCP/IP and the NETIPC & BSD sockets on the HP e3000 talk
> to a "proprietary" buffer manager unique to MPE.
>
> Regards,
>
> _/ James Hofmeister WCSO SSD - WW Network Tech Expert Center
> _/ Mail 2124 Barrett Park Drive Suite B. M/S F2
> _/_/_/ _/_/_/ Kennesaw, GA 30144 U.S.A.
> _/ _/ _/ _/ Phone/Fax Telnet (770) 795-6426 / (770) 795-5707
> _/ _/ _/_/_/ E-Mail [log in to unmask]
> _/ Web http://wtec.cup.hp.com/~netmpe/
> VRC Chat musketeer_mpenet
>
> Joined EC_NET_MPE Musketeer ?
> check out http://wtec.cup.hp.com/~netmpe/documents/musketeer.htm
>
> * To join/leave the list, search archives, change list settings, etc *
> * please visit http://raven.utc.edu/archives/hp3000-l.html *
--
[log in to unmask]
Remainder of .sig suppressed to conserve scarce California electrons...
* To join/leave the list, search archives, change list settings, etc *
* please visit http://raven.utc.edu/archives/hp3000-l.html *
|