Hi, Francesco, Thanks for your reply!
On Thu, Feb 24, 2011 at 02:43:16PM +0100, Francesco P. Lovergine wrote: > On Tue, Feb 22, 2011 at 06:31:21PM +1100, John Zaitseff wrote: > > As mentioned in previous e-mails, I have been investigating the > > problems of DisplayReadme, DirFakeUser, DirFakeGroup, > > DirFakeMode, HideUser, HideGroup and HideNoAccess not working in > > the ProFTPD package, versions 1.3.3a-6 and 1.3.3d-3. > > > > [...] > > John, many thanks for your deep investigation. So, apparently we > have still a few open regressions, which I'm afraid could be fixed > only by a successive backport from testing in squeeze. You know, > stable upgrade policy is quite restrictive in Debian about non > critical or security bugs. Yes, I'm very aware that the stable upgrade policy is (for good reasons) very restrictive. However, it seems to me that you could make a good case for such a backport because of the DisplayReadme directive: this breaks the FTP protocol itself in a major way. The HideNoAccess directive could also be argued to be security-related: this being broken allows access to files and directories the administrator specifically did not want FTP users to access. With regards to the DisplayReadme directive, you can note from ProFTPD bug #3605 (http://bugs.proftpd.org/show_bug.cgi?id=3605) that TJ Saunders has developed a couple of patches that solve this problem. I can confirm that these patches work as advertised: I have compiled the CVS HEAD version and tried it out. Similarly, TJ solved the relatively minor problems with DirFakeUser, DirFakeGroup and DirFakeMode, as documented in ProFTPD bug #3604 (http://bugs.proftpd.org/show_bug.cgi?id=3604). I have also tested these changes: they work. Whether you take these patches directly, or wait until 1.3.4 is released (with these patches, I hope!), is your call. Thanks in advance for helping solve these problems! Yours truly, John Zaitseff -- John Zaitseff ,--_|\ The ZAP Group Phone: +61 2 9643 7737 / \ Sydney, Australia E-mail: j.zaits...@zap.org.au \_,--._* http://www.zap.org.au/ v -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
