このページは福井県立大学の田中求之が2006年1月まで運用していた Mac のサーバ運用に関する会議室 「Web Scripter's Meeting」の記録です。情報が古くなっている可能性がありますのでご注意ください。

Rumpus 1.3.5

発言者:田中求之
( Date Monday, June 11, 2001 16:24:58 )


投稿するのを忘れてましたが、Rumpus 1.3.5 が出ています。

Rumpus 1.3.5 is now available.  It includes a fix for the OS 9 transfer 
problem where files were left open, as well as the phantom feature that 
caused "cool" folders to be invisible in directory listings.

If you are running Rumpus on OS 9, this update is highly recommended.

ということです。

→  Rumpus (Maxum)

田中求之 さんからのコメント
( Saturday, June 16, 2001 16:48:40 )

1.3.6 が出ました。

A new version of Rumpus is now available.  Rumpus 1.3.6 fixes a problem 
where a specially designed mkdir command can cause Rumpus to crash or 
hang.  This problem is considered serious because it could potentially be 
used in a Denial of Service attack against the server.  Accordingly, we 
are releasing the fixed version specifically to resolve this issue.

However, as was also the case with another security-related problem 
brought up recently, this weakness can only be exploited by an 
authenticated user with file and folder creation access to your server.  
Authenticated FTP access to secure servers should always be safely 
gaurded from those that would cause intentional harm to a server.  
Directory creation rights and file upload capabilities are, by their very 
nature, privileges that should be restricted from unauthorized users.

So, we strongly recommend that everyone download and upgrade to the new 
version, especially if you are concerned that your users might try to 
crash your server, or if you have given anonymous users file upload 
and/or directory creation privileges.

とのことです