Hello! > > After 4.5.43 chmod fails without warning if it called not > > from root directory at ftp site. So uploading over mc ftpfs > > can be insecure because uploaded files/directories have > > default permissions. > > I just want to clarify that the default permissions are not necessarily > bad. The server must be seriously misconfigured to allow other users to > modify the uploaded files. Normally the umask is 022, i.e. other users > can just read the new files. Relying on FTP when uploading the files that > may not be read is not a good idea anyway, since FTP transfers data in > cleartext.
But you need some knowledge level, rights and luck to listen right ports in right time. > I acknoledge that the bug is security-related. However, it doesn't > warrant an emergency release in my opinion. Does we want to maintain 4.5.x barnch and do users need gmc is much more important question. > I don't think that using umask is worth the trouble, partly for the > reasons explained above, partly because it only affects FTP upload. > It also takes time to send a command and wait for the result. Well, it may be configurable option in VFS Option menu. BTW I want add "Use Unix ls options" there because wu-ftpd 2.6.1 understands "LIST -la" as "LIST -laR" and confuses mc parser. Regards, Andrew. _______________________________________________ Mc-devel mailing list [EMAIL PROTECTED] http://mail.gnome.org/mailman/listinfo/mc-devel
