SafeTP 1.40 on UNIX

This page contains errata and patches for the 1.40 release of SafeTP/Unix, for those sites that don't want to upgrade yet. This version is no longer the current version; see the main Unix page to get the current version.

GMP: SafeTP 1.40 works with (at least) GMP 2.0.2 and GMP 3.1.

Patches

This is the set of patches for 1.40. All of this functionality has been folded into the latest release.

Purpose	Get it
Fake the server's IP; gets around 'wrong IP' check.	patch
Bind sftpd to specific interfaces; forward nonlocally (or to localhost interface).	patch
Work arounds for compiler bugs in gcc 2.95.1 and 2.95.2.	patch
Fix for the annoying ^D bug in sftpc.	patch
Adds a switch, -8, which is like -9 except it allows dropdown to insecure for anonymous ftp.	patch
Adds the command "bye" as an alias for "quit" in sftpc.	patch

Supported Platforms

SafeTP 1.40 is known to work on these platforms:

• HP-UX (pa-risc/10.20)
• Solaris (sparc/2.6, x86/(?)) -- note that the install script is broken under Solaris.
• Linux (x86/2.0, x86/2.2)
• DEC OSF (alpha/(?))

Problems Encountered

These are problems people have reported, that are not necessarily bugs in SafeTP, but for which workarounds or ideas are known.

1. Problem: Shared libraries.

   Example: During make check, you get an error message like

         datablok: can't load library 'libstdc++.so.2.9'
       

   Diagnosis: Something may be wrong with your shared-library configuration. You can figure out more about your config with ldd, ldconfig, and man ld.so.
   Also, make sure you have libstdc++ installed somewhere.

   Workaround: SafeTP does not require linking with shared libraries, so you might try adding -static to the "ccflags" line in the Makefile. (You may have to start over by doing a make veryclean before recompiling.)
   Note: There appears to be a bug in the SunOS 5.6 and 5.7 linkers.

   Workaround: This has been reported as necessary on some Solaris systems:

       ln -s /usr/local/lib/libstdc++.so.2.8.1.1 /usr/lib/libstdc++.so.2.8.1.1
       ln -s /usr/local/lib/libstdc++.so.2.10.0 /usr/lib/libstdc++.so.2.10.0
       

2. Problem: g++ bugs. Bugs that prevent compilation of SafeTP 1.40 have been reported in:

   • g++ 2.95.2
   • g++ 2.95.1

   Workaround: Apply this patch.

   Or, upgrade or downgrade g++... it's known to work on:

   • egcs-2.91.66
   • g++ 2.8.1

3. Problem: g++ chokes, saying exceptions are disabled

   Cause: Older g++ had exceptions disabled by default

   Workaround: Either

   • Add "-fhandle-exceptions" (without quotes) to "ccflags" in the Makefile, or
   • Upgrade to a newer g++.

4. Problem:

       $  make
   	    CC -O -c breaker.cpp
       Make: Cannot load CC.  Stop.
       *** Error exit code 1
       

   Cause: OS vendor's make doesn't support the syntax used in the Makefile, and therefore doesn't recognize the rule for compiling C++ source files.

   Workaround: Use GNU make. It may already be installed as gmake, or you may have to get it from GNU's website.

5. Problem: When using sftpc from one account, a user sees "530 Login Incorrect" (or something to that effect), but from another account it works fine.

   Cause: On some systems (Solaris 2.6 at least), the user's shell must be listed in /etc/shells, and when it isn't, the system(3) call does something strange. (I still don't completely understand this one.)

   Workaround: Add the user's shell to /etc/shells.

6. Problem: During compile of reply.cpp, error message "no input files".

   Cause: 'make' isn't expanding $@ the way I expected.

   Workaround: Simply delete the two lines in Makefile starting with "reply.o: reply.cpp".

Known bugs

These bugs have been reported in version 1.40, and will be fixed in the next release.

1. Bug: sftpc sometimes fails its "test" with an error about crazy.nonexist.file .

   Reason: The test routine in version 1.40 has a bug in that it fails when the current working directory of sftpc is the same as the current directory of FTP session.

   Workaround: Try running sftpc from /tmp. (Be sure to remove the file "crazy.nonexist.file" from your home directory, if you've already gotten this message, because its existence will cause the test routine to fail again. Ah, the names I come up with at 3am...)

2. Bug: make check fails, saying it can't find or execute "datablok".

   Reason: The sc/check.pl script mistakenly assumes that "." (the current directory) is in the path.

   Workaround: Temporarily add "." to the path:
   csh/tcsh:
   

         % set path = ($path .)
       

   sh/bash:
   

         % PATH=$PATH:.
         % export PATH
       

   Then re-run make check.

3. "Bug": makekeys uses gets(3) for the server branding string, which provokes a warning from g++.

   Reason: Annoyance at idiotic g++ warnings (about other things) leads to rebellion against fixing them, even when easy to do so.

   Workaround: Ignore the warning. :) It's not a security risk because makekeys is not (and never will be) setuid root. Nevertheless, I'll change it in the next release.

4. Bug: The install script has several problems on Solaris. Specifically, brace expansion doesn't work right, "hostname -f" changes the hostname to "-f", and the process-id discovery routine is broken.

   Workaround: I'll try to get a working Solaris install script ready soon; for now, the manual install instructions (install.txt) may be the best alternative.

5. Bug: When a user types Ctrl-D into sftpc, it goes haywire, spewing lots of 'sftpc>' prompts.

   Reason: Failure to check for EOF in the user's input stream (doh!).

   Workaround: Get this patch.

6. Bug:

       % make
       g++ -c -g -Wall  -DSAFETP  -D__LINUX__=226 -D__UNIX__ -D__STRICT_ANSI__ -D_POSIX_SOURCE -DLITTLE_ENDIAN -I. -Icrypto  sockutil.cpp -o sockutil.o
       sockutil.cpp: In function `SOCKET accept_socket(unsigned int)':
       sockutil.cpp:343: passing `int *' as argument 3 of `accept(int, sockaddr *, socklen_t *)' changes signedness
       

   Cause: The 3rd argument to some socket functions is 'signed' on some systems and 'unsigned' on others. Worse, g++ has recently decided to start enforcing the distinction. The Makefile.${PLATFORM} is supposed to isolate the dependency, but isn't always right.

   Workaround: You can add explicit casts to sockutil.cpp; only that file will need changing. For example, change

       SOCKET ret = accept(s, &saddr, &saddrLen);
       

   to

       SOCKET ret = accept(s, &saddr, (unsigned*) &saddrLen);
       

   Or, take a look at sockutil.cpp around line 329, and see how to fix the Makefile.

   The right solution is some sort of autoconfiguration (barring (gasp!) standard library interfaces), which will be used in the next release.

7. sftpc doesn't work well under Win98. Characters entered at one prompt get entered into the next prompt, and it crashes altogether sometimes.

   Cause: Unknown.

   Workaround: Don't use sftpc under Win98. It works under NT. Or better yet, use the Windows SafeTP client and a GUI client.

Documentation Errata

1. ports.txt incorrectly states that port 22 is the traditional data channel port. Port 20 is the correct port.

2. The installation default does not permit RFC959 (normal, insecure) FTP connections. To enable them:

   • remove the "-9" command-line switch to sftpd in inetd.conf
   • shell# kill -HUP <inetd's pid>
   Or, remove the -9 in install.pl before installing.

Back to main page.