From owner-freebsd-security Thu Dec 4 02:48:24 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id CAA10760 for security-outgoing; Thu, 4 Dec 1997 02:48:24 -0800 (PST) (envelope-from owner-freebsd-security) Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id CAA10752 for ; Thu, 4 Dec 1997 02:48:19 -0800 (PST) (envelope-from jkh@time.cdrom.com) Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1]) by time.cdrom.com (8.8.7/8.6.9) with ESMTP id CAA15226; Thu, 4 Dec 1997 02:48:08 -0800 (PST) To: Adam Shostack cc: robert@cyrus.watson.org, security@FreeBSD.ORG Subject: Re: Possible problem with ftpd 6.00 In-reply-to: Your message of "Thu, 04 Dec 1997 03:10:04 EST." <199712040810.DAA19509@homeport.org> Date: Thu, 04 Dec 1997 02:48:08 -0800 Message-ID: <15222.881232488@time.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > If you design systems such that people need to RTFM, your systems will > fail. The FTP daemon should be re-written so that it doesn't ask for > a password when its offering anonymous access. (As in http). Which would break the heck out of many traditional FTP clients which expect every user, be it a legit one or an anonymous one, will result in a password being requested by the ftpd and they'll probably fail the handshake with your optimization. Jordan