* display current setting of checkportcmd in STAT
* ensure that curclass.checkportcmd is initialised to 0
* document default setting of checkportcmd in ftpd(8)
* cleanup code a bit, putting code for "checkportcmd" in alphabetical order
(0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers).
from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods
- getopt returns -1 not EOF
- in lostcon(), call dologout(1) not dologout(-1);
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
information in the same file by following the username with `allow'
or `deny'. Also, the user `*' can be used to set the default for
users not listed in the file. This is entirely backward compatable
with old /etc/ftpusers files.
Also, do the /etc/ftpusers and the valid login shell checks after
the password is verified, rather than before, so as not to give away
whether or not a particular user ID is present on the system.
* Set umask to 707;
* Disable UMASK, CHMOD, DELE, RMD and MKD commands.
Compile-time options let you change that umask and go back to the
old, insecure way if you like.