From 340a79f1ddb3b7ffe883d5f8ee9acad75b1a30c6 Mon Sep 17 00:00:00 2001 From: stsp Date: Fri, 9 Jan 2015 11:19:12 +0000 Subject: [PATCH] Document that ftp-proxy breaks explicit RFC4217 FTP TLS. While here, chroot and privdrop is a feature, not a bug, so move it out of CAVEATS. ok sthen --- usr.sbin/ftp-proxy/ftp-proxy.8 | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/usr.sbin/ftp-proxy/ftp-proxy.8 b/usr.sbin/ftp-proxy/ftp-proxy.8 index e4a0aad493e..396d3bf2b3e 100644 --- a/usr.sbin/ftp-proxy/ftp-proxy.8 +++ b/usr.sbin/ftp-proxy/ftp-proxy.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ftp-proxy.8,v 1.19 2012/06/25 11:49:19 jmc Exp $ +.\" $OpenBSD: ftp-proxy.8,v 1.20 2015/01/09 11:19:12 stsp Exp $ .\" .\" Copyright (c) 2004, 2005 Camiel Dobbelaar, .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 25 2012 $ +.Dd $Mdocdate: January 9 2015 $ .Dt FTP-PROXY 8 .Os .Sh NAME @@ -81,6 +81,9 @@ pass in from $client to $orig_server port $proxy_port \e pass out from $client to $server port $port nat-to $proxy .Ed .Pp +.Nm +chroots to "/var/empty" and changes to user "proxy" to drop privileges. +.Pp The options are as follows: .Bl -tag -width Ds .It Fl 6 @@ -193,5 +196,6 @@ The negotiated IP address for active modes is ignored for security reasons. This makes third party file transfers impossible. .Pp +Since .Nm -chroots to "/var/empty" and changes to user "proxy" to drop privileges. +acts as a man-in-the-middle it breaks explicit FTP TLS connections (RFC 4217). -- 2.20.1
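Review bot: In the hunk at @@ -81,6 +81,9 @@, the moved sentence `chroots to "/var/empty" and changes to user "proxy" to drop privileges.` keeps its literal double quotes. Since the line is being relocated anyway, consider marking the path with `.Pa /var/empty` and the user name with `.Qq proxy` rather than hand-typed quotes. The placement also deserves a second look: the paragraph now sits between the pf.conf rule example and "The options are as follows:", so the reader meets the privilege-drop statement in the middle of the setup instructions. Putting it ahead of the rule example would keep the description of what the daemon does separate from the description of how to configure pf for it.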
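Review bot: The new CAVEATS sentence in the hunk at @@ -193,5 +196,6 @@, `acts as a man-in-the-middle it breaks explicit FTP TLS connections (RFC 4217).`, tells the administrator that explicit FTP TLS breaks but not what the failure looks like or what to do about it. A reader hitting this in production needs to know whether the session fails outright or only the data connections fail, and whether the expected handling is to keep such clients and servers out of the divert-to rule. One added clause covering the symptom and the recommended handling would make the caveat actionable. Minor style point in the same sentence: a comma after "man-in-the-middle" would separate the "Since ..." clause from the main clause.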