Date: Thu, 04 Dec 1997 07:24:03 -0800 From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca> To: Adam Shostack <adam@homeport.org> Cc: jkh@time.cdrom.com (Jordan K. Hubbard), security@freebsd.org Subject: Re: Possible problem with ftpd 6.00 Message-ID: <199712041524.HAA17752@cwsys.cwsent.com> In-Reply-To: Your message of "Thu, 04 Dec 1997 05:54:35 EST." <199712041054.FAA20091@homeport.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>
> Jordan K. Hubbard wrote:
> | > If you design systems such that people need to RTFM, your systems will
> | > fail. The FTP daemon should be re-written so that it doesn't ask for
> | > a password when its offering anonymous access. (As in http).
> |
> | Which would break the heck out of many traditional FTP clients which
> | expect every user, be it a legit one or an anonymous one, will result
> | in a password being requested by the ftpd and they'll probably fail
> | the handshake with your optimization.
>
> Nolo contendre.
>
> I've long argued that FTP is brain dead and should be
> replaced. It has a host of misfeatures (the TCP connection back to
> the client causes uncountable headache for firewall builders, the site
> exec mechanism is just not a good idea, etc).
That's what FTP's passive mode is for.
>
> So please don't read it as a serious suggestion that we change
> the FTP daemon to fix this problem, but as an appeal to not design
> protocols that ask for ID for anonymous connection.
>
> Adam
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
UNIX Support OV/VM: BCSC02(CSCHUBER)
ITSD BITNET: CSCHUBER@BCSC02.BITNET
Government of BC Internet: cschuber@uumail.gov.bc.ca
Cy.Schubert@gems8.gov.bc.ca
"Quit spooling around, JES do it."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199712041524.HAA17752>