ftp icon indicating copy to clipboard operation
ftp copied to clipboard
verified publisher icon LeChatErrant

Security issue

Open mamantoha opened this issue 6 years ago • 2 comments

Hi.

When I run example.cr from the repo, I'm able to view all filesystem not only root directory.

crystal example.cr -- 8090 /Users/admin/crystal/CrystalFTP

ftp localhost -p 8090
ftp> cd /usr
ftp> ls

mamantoha avatar May 04 '19 14:05 mamantoha

Does the RFC959 specify something about this? Maybe should we let the user decide if they want to expose all their filesystem or only the root directory, with an extra argument in FTPServer constructor

LeChatErrant avatar May 04 '19 14:05 LeChatErrant

Maybe should we let the user decide if they want to expose all their filesystem or only the root directory, with an extra argument in FTPServer constructor

👍

mamantoha avatar May 04 '19 14:05 mamantoha