From owner-freebsd-security  Thu Dec  4 02:48:24 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id CAA10760
          for security-outgoing; Thu, 4 Dec 1997 02:48:24 -0800 (PST)
          (envelope-from owner-freebsd-security)
Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id CAA10752
          for <security@FreeBSD.ORG>; Thu, 4 Dec 1997 02:48:19 -0800 (PST)
          (envelope-from jkh@time.cdrom.com)
Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1]) by time.cdrom.com (8.8.7/8.6.9) with ESMTP id CAA15226; Thu, 4 Dec 1997 02:48:08 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
cc: robert@cyrus.watson.org, security@FreeBSD.ORG
Subject: Re: Possible problem with ftpd 6.00 
In-reply-to: Your message of "Thu, 04 Dec 1997 03:10:04 EST."
             <199712040810.DAA19509@homeport.org> 
Date: Thu, 04 Dec 1997 02:48:08 -0800
Message-ID: <15222.881232488@time.cdrom.com>
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> If you design systems such that people need to RTFM, your systems will
> fail.  The FTP daemon should be re-written so that it doesn't ask for
> a password when its offering anonymous access.  (As in http).

Which would break the heck out of many traditional FTP clients which
expect every user, be it a legit one or an anonymous one, will result
in a password being requested by the ftpd and they'll probably fail
the handshake with your optimization.

					Jordan