Date: Sun, 18 Aug 2024 21:37:22 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 280915] libfetch: Change default FTP password to anonymous@anonymous Message-ID: <bug-280915-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280915 Bug ID: 280915 Summary: libfetch: Change default FTP password to anonymous@anonymous Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: mallorya@fastmail.com Created attachment 252900 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D252900&action= =3Dedit libfetch: Change default FTP password to anonymous@anonymous Current default behavior is to send username@hostname to any FTP server that asks. Leaking username and hostname to every FTP server should be opt-in not opt-= out. Users desiring this behavior can set this variable: ``` FTP_PASSWORD=3D`whoami`@`hostname` ``` You can verify that `fetch(1)` sends username & hostname with the following= two commands: ``` doas pkg install netcat echo -e '220\n331\n' | netcat -lp 8080 ``` ``` fetch -vv ftp://localhost:8080 ``` See attached patch. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-280915-227>