Date: Fri, 05 Mar 2021 19:24:35 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 34171] ftpd(8) indiscrete about unprivileged user accounts Message-ID: <bug-34171-227-PxpJ4iDVpj@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-34171-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=34171 David Schlachter <fbsd-bugzilla@schlachter.ca> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fbsd-bugzilla@schlachter.ca --- Comment #6 from David Schlachter <fbsd-bugzilla@schlachter.ca> --- Created attachment 223012 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=223012&action=edit libexec/ftpd: don't leak names of unprivileged accounts This patch will apply the same logic for 1) a valid user with an invalid shell as for 2) a non-existent user. A user with an invalid shell will be prompted for a password (which will not be accepted), before being presented with a "530 Login incorrect" error. ftpd will also apply the delay time between logins, as for other failed logins. The effect is that the two cases will not be distinguishable to clients. -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-34171-227-PxpJ4iDVpj>