Case Study: ftpd
Original Berkeley implementation (and many of its descendants) used yacc to parse network input.
USER and PASS were separate commands.
Result: flag-setting, ubiquitous flag-testing, global state and at least three different security holes.
- Newer ftpds have more complex access control mechanisms and more security holes.
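
An alternative to the flag-setting and flag-testing described above, as an added example (not code from the slides or from any Berkeley ftpd): login state lives in a per-connection struct and is examined in exactly one place, so file-command handlers cannot be reached before USER and PASS both succeed. The names `session`, `dispatch` and `check_password` are hypothetical, and the credential pair is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Explicit per-connection state replaces scattered global flags. */
enum state { NEED_USER, NEED_PASS, AUTHED };

struct session {
    enum state st;
    char user[32];
};

/* Constructed credential check; a real daemon would consult the system. */
static int check_password(const char *user, const char *pass) {
    return strcmp(user, "alice") == 0 && strcmp(pass, "example-pass") == 0;
}

/* Returns an FTP reply code. This switch is the only place where login
 * state is examined; handlers for file commands are unreachable before
 * login, so none of them needs its own "logged in?" test. */
int dispatch(struct session *s, const char *cmd, const char *arg) {
    switch (s->st) {
    case NEED_USER:
        if (strcmp(cmd, "USER") != 0) return 530;   /* not logged in */
        snprintf(s->user, sizeof s->user, "%s", arg);
        s->st = NEED_PASS;
        return 331;                                 /* need password */
    case NEED_PASS:
        /* Anything but a correct PASS abandons the half-finished login. */
        if (strcmp(cmd, "PASS") == 0 && check_password(s->user, arg)) {
            s->st = AUTHED;
            return 230;                             /* logged in */
        }
        s->st = NEED_USER;
        s->user[0] = '\0';
        return 530;
    case AUTHED:
        if (strcmp(cmd, "RETR") == 0) return 150;   /* transfer would start */
        if (strcmp(cmd, "USER") == 0) {
            /* A second USER starts over from the unauthenticated state. */
            s->st = NEED_USER;
            return dispatch(s, cmd, arg);
        }
        return 502;                                 /* not implemented */
    }
    return 500;
}
```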