[Python-bugs-list] [Bug #126851] ftplib.py should default to passive mode
noreply@sourceforge.net
noreply@sourceforge.net
Mon, 08 Jan 2001 17:57:24 -0800
Bug #126851, was updated on 2000-Dec-26 12:07
Here is a current snapshot of the bug.
Project: Python
Category: Python Library
Status: Open
Resolution: None
Bug Group: Feature Request
Priority: 4
Submitted by: flight
Assigned to : gvanrossum
Summary: ftplib.py should default to passive mode
Details: For the Debian package, there has been the request that the ftplib
module should by default use passive FTP. Any comments
[Forwarded from the Debian bug tracking system, bug#71823]
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=71823&repeatmerged=yes
Sender: Mike Fisk <mfisk@lanl.gov>
Package: python-base
Version: 1.5.2-10
This is an upstream bug that has existed for quite a while (probably
forever).
With many systems living behind firewalls (including their own ipchains
filters), passive FTP should be the default for FTP clients. It always
has been for Netscape and there hasn't been much uproar about that being
bad. Python's ftplib.py supports passive mode, but defaults to
non-passive mode. ftplib.py is used by other Debian packages such as the
downloader in xanim-modules. The result, when living behind many
firewalls, is that you can't download anything using ftplib.py or
urllib.py.
The patch to fix this is trivial:
--- /usr/lib/python1.5/ftplib.py Sat Sep 16 14:31:35 2000
+++ /tmp/ftplib.py Sat Sep 16 14:31:24 2000
@@ -112,7 +112,7 @@
- port: port to connect to (integer, default previous
port)'''
if host: self.host = host
if port: self.port = port
- self.passiveserver = 0
+ self.passiveserver = 1
self.sock = socket.socket(socket.AF_INET,
socket.SOCK_STREAM)
self.sock.connect(self.host, self.port)
self.file = self.sock.makefile('rb')
--
Mike Fisk, RADIANT Team, Network Engineering Group, Los Alamos National
Lab
See http://home.lanl.gov/mfisk/ for contact information
Follow-Ups:
Date: 2001-Jan-08 17:57
By: gvanrossum
Comment:
Thomas Wouters raised the concern that passive mode makes it impossible to
access servers that are inside a firewall. I'm not sure that this is a
showstopper (does anybody do that?) but I'd like to stay on the careful
side. Thomas noted that ftplib is used for more diverse tasks than
Netscape.
Would it be sufficient to make a change to urllib that changes the
connection to passive mode in its ftpwrapper class? That would solve the
problem for urllib (most comparable to Netscape) without breaking any code
that directly uses ftplib.
-------------------------------------------------------
Date: 2000-Dec-27 15:16
By: gvanrossum
Comment:
Hmm... I like the proposed patch.
I don't know about ftp'ing into a firewall -- why would that be common?
Typically ftp servers live outside firewalls because ftp is considered
insecure...
-------------------------------------------------------
Date: 2000-Dec-27 14:13
By: twouters
Comment:
For what it's worth, I mildly agree that passive mode should be the
default. However, it does have potential for breaking stuff: using
passive-ftp *into* a firewall, instead of out of one, doesn't work. And I'm
pretty sure that Python's ftplib is used much more often in that manner
than is Netscape or whatever other ftp client defaults to passive. It's
probably not much, but I think it's enough to think twice about changing
the default ;P
-------------------------------------------------------
For detailed info, follow this link:
http://sourceforge.net/bugs/?func=detailbug&bug_id=126851&group_id=5470