From owner-freebsd-bugs Tue Aug 7 22:40:13 2001
Date: Tue, 7 Aug 2001 22:40:02 -0700 (PDT)
Message-Id: <200108080540.f785e2S51972@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Yoshihiro Koya
Subject: RE: bin/29487: ftpd leaks password typed as username by mistake
Reply-To: Yoshihiro Koya
Sender: owner-freebsd-bugs@FreeBSD.ORG

The following reply was made to PR bin/29487; it has been noted by GNATS.

From: Yoshihiro Koya
To: mheffner@vt.edu, mheffner@novacoxmail.com
Cc: Yoshihiro.Koya@math.yokohama-cu.ac.jp, FreeBSD-gnats-submit@freebsd.org
Subject: RE: bin/29487: ftpd leaks password typed as username by mistake
Date: Wed, 08 Aug 2001 14:40:45 +0900

Hello,

From: Mike Heffner
Subject: RE: bin/29487: ftpd leaks password typed as username by mistake
Date: Mon, 06 Aug 2001 21:38:28 -0400 (EDT)

> On 06-Aug-2001 Yoshihiro Koya wrote:
> |
> | It quite often happens that one types the password instead of the username
> | into ftp clients by mistake.
> | In that case, ftpd(8) on FreeBSD logs the usernames into
> | /var/log/messages as follows
>
> But this information is sometimes relevant if you would like to be able to tell
> the difference between an attacker probing several different accounts and a
> normal user mistyping their username.

Yes. I agree with you.
But I thought at that time that the defect that ftpd may leak the password is more harmful than the defect that I'm not able to distinguish the difference between a mistype and an attack.

> |
> | Aug 6 22:19:28 presario ftpd[814]: FTP LOGIN FAILED FROM localhost, mypass
> |
> | On the other hand, every user on the system can access /var/log/messages.
> | It might cause security related problems.
>
> A better way might be to log the username info to a different facility, auth,
> authpriv or something that's not logged to a world readable file.

I agree with you again. I think that your suggestion might be a better one.

koya
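As an added check that is not part of the original thread: the script below works out which files a BSD-style syslog.conf routes a given facility.level to (ftpd's failure message is logged at ftp.notice, and the proposed fix moves the username to authpriv) and reports which of those files any local user can read. The sample config is constructed here, and the selector parsing covers only `*`, `none`, `=level` and plain levels.

```python
import os
import stat

# syslog(3) priorities, most severe first (BSD syslogd ordering).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample modelled on a FreeBSD-style syslog.conf.
SAMPLE_CONF = """
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
auth.info;authpriv.info                                         /var/log/auth.log
ftp.info                                                        /var/log/xferlog
"""


def _selector_decides(selector, facility, level):
    """True/False if this selector names `facility`, None if it says nothing."""
    facs, _, prio = selector.rpartition(".")
    facs = [f.strip() for f in facs.split(",")]
    if facility not in facs and "*" not in facs:
        return None
    prio = prio.strip()
    if prio == "none":                     # e.g. authpriv.none excludes the facility
        return False
    if prio.startswith("="):               # exactly this level only
        return level == prio[1:]
    if prio == "*":
        return True
    return LEVELS.index(level) <= LEVELS.index(prio)   # this level or more severe


def destinations(conf_text, facility, level):
    """Log files that receive messages logged as facility.level."""
    paths = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line[0] in "!+-":   # skip blanks, program and host blocks
            continue
        selectors, action = line.rsplit(None, 1)
        decision = None
        for sel in selectors.split(";"):
            verdict = _selector_decides(sel, facility, level)
            if verdict is not None:
                decision = verdict         # later selectors override earlier ones
        if decision and action.startswith("/"):
            paths.append(action)
    return paths


def is_world_readable(mode):
    return bool(mode & stat.S_IROTH)


def world_readable_destinations(conf_text, facility, level):
    """Destinations for facility.level that exist and are readable by everyone."""
    return [p for p in destinations(conf_text, facility, level)
            if os.path.exists(p) and is_world_readable(os.stat(p).st_mode)]
```

Run `world_readable_destinations(open("/etc/syslog.conf").read(), "ftp", "notice")` on a real host to see where a mistyped password would land; an empty list for `authpriv` is what the suggested fix relies on.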