Stefan Laudat writes:
> Hi Aleph,
> Please add this to the 'quick fix collection'. Thanks.
>
> > > ftp> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
> > disable globbing symbols with: DenyFilter "[\*\?]" ?
>
> ... and as a quick fix for nasty shell users having bash prompts on
> your machine, just enter 'set -f' in the /etc/profile. Of course,
> until we will get a fixed bash or a fixed libc(?).
This would be an enormous pain for your users, and furthermore won't
help. If they have a shell, they can simply do `set +f', or run a
different shell without such restrictions, or they can even run any
other program to suck up tons of memory (`for(;;) malloc(1024);'). To
prevent every possible case of this, and have some actual (rather than
illusory) security, man ulimit.
There is no bug in bash or in libc; it's a feature. I wouldn't want a
system that put arbitrary limits on globbing.
--
Nate Eldredge
[EMAIL PROTECTED]
