Date:      Tue, 2 Dec 1997 10:26:31 -0500 (EST)
From:      Robert Watson <robert@cyrus.watson.org>
To:        security@FreeBSD.ORG
Subject:   Re: Possible problem with ftpd 6.00
Message-ID:  <Pine.BSF.3.96.971202102020.427C-100000@cyrus.watson.org>
In-Reply-To: <l03130301b0a9ce618ec7@[194.100.45.1]>

On Tue, 2 Dec 1997, Petri Riihikallio wrote:

> Simon Shapiro <shimon@simon-shapiro.org> wrote:
> 
> >if ( strncmp(login, "ftp", MAX_LOGIN) &&
> >     strncmp(login, "anonymous", MAX_LOGIN) ) {
> >  printf("Password: ");
> >} else {
> >  printf("Your E-Mail Address, please ");
> >}
> 
> If you make this kind of change you will break all the graphical clients
> which expect "Password:".
> 
> The prompt should be "Use E-Mail Address as Password:".

Forgive me, but I am unclear on why the current arrangement is
unsatisfactory?

  % uname -a
  FreeBSD fledge.watson.org 2.2.5-STABLE FreeBSD 2.2.5-STABLE #0: Mon Dec 1 23:15:18 EST 1997 robert@fledge.watson.org:/home/src/sys/compile/FLEDGE i386
  % ftp fledge
  Connected to fledge.watson.org.
  220- Welcome the fledge.watson.org!
  220 fledge.watson.org FTP server (Version 6.00) ready.
  Name (fledge:robert): ftp
  331 Guest login ok, send your email address as password.
  Password:

The notice clearly states that one should send one's email address as the
password.  One of the caveats of having network capability is that users
must know when (and when not) to give their passwords.  If you cannot
trust them to not enter their password when connecting to a remote system
using FTP, you really should not be even allowing them near a UNIX account
that has network access of any kind.  Education is more important here, I
think, than making changes that may break existing programs.

  Robert N Watson 

Junior, Logic+Computation, Carnegie Mellon University  http://www.cmu.edu/
Network Administrator, SafePort Network Services  http://www.safeport.com/
robert@fledge.watson.org rwatson@safeport.com http://www.watson.org/~robert/




