From owner-freebsd-security  Fri Dec  5 00:15:26 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id AAA00648
          for security-outgoing; Fri, 5 Dec 1997 00:15:26 -0800 (PST)
          (envelope-from owner-freebsd-security)
Received: from pcadm1.tversu.ru (vadim@pcadm1.tversu.ru [194.190.141.69])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id AAA00617
          for <security@FreeBSD.ORG>; Fri, 5 Dec 1997 00:15:07 -0800 (PST)
          (envelope-from vadim@pcadm1.tversu.ru)
Received: (from vadim@localhost)
	by pcadm1.tversu.ru (8.8.7/8.8.7) id LAA27492;
	Fri, 5 Dec 1997 11:04:40 +0300 (MSK)
Message-ID: <19971205110439.23205@tversu.ru>
Date: Fri, 5 Dec 1997 11:04:39 +0300
From: Vadim Kolontsov <vadim@tversu.ru>
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Cc: Adam Shostack <adam@homeport.org>, robert@cyrus.watson.org,
        security@FreeBSD.ORG
Subject: Re: Possible problem with ftpd 6.00
References: <199712040810.DAA19509@homeport.org> <15222.881232488@time.cdrom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.88
In-Reply-To: <15222.881232488@time.cdrom.com>; from Jordan K. Hubbard on Thu, Dec 04, 1997 at 02:48:08AM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Hi,

On Thu, Dec 04, 1997 at 02:48:08AM -0800, Jordan K. Hubbard wrote:
> > If you design systems such that people need to RTFM, your systems will
> > fail.  The FTP daemon should be re-written so that it doesn't ask for
> > a password when its offering anonymous access.  (As in http).
> 
> Which would break the heck out of many traditional FTP clients which
> expect every user, be it a legit one or an anonymous one, will result
> in a password being requested by the ftpd and they'll probably fail
> the handshake with your optimization.

  It seems like "non-password" anonymous ftp servers exist and work:

sh-2.00$ ftp koobera.math.uic.edu
Connected to koobera.math.uic.edu.
220 Hi there! This is anonftpd.
Name (koobera.math.uic.edu:vadim): ftp
230 Hi. No need to log in; I'm an anonymous ftp server.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

  By the way, Netscape (at least Communicator 4.04) understands it.

Best regards,
V.
-- 
Vadim Kolontsov
Tver Internet Center NOC
phone: +7-(0822)-365743,