From owner-freebsd-hackers Fri Oct 18 07:40:23 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3)
    id HAA27177 for hackers-outgoing; Fri, 18 Oct 1996 07:40:23 -0700 (PDT)
Received: from bloom-beacon.MIT.EDU (BLOOM-BEACON.MIT.EDU [18.181.0.26])
    by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id HAA27168 for ;
    Fri, 18 Oct 1996 07:40:19 -0700 (PDT)
Received: (from uucp@localhost) by bloom-beacon.MIT.EDU (8.7.6/25-eef)
    with UUCP id KAA02072 for freebsd-hackers@freebsd.org;
    Fri, 18 Oct 1996 10:34:12 -0400 (EDT)
Received: from localhost by orchard.medford.ma.us (8.7.5/1.34)
    id OAA26180; Fri, 18 Oct 1996 14:31:53 GMT
Message-Id: <199610181431.OAA26180@orchard.medford.ma.us>
To: Joe Greco
cc: gibbs@freefall.freebsd.org (Justin T. Gibbs), karl@mcs.net,
    jdp@polstra.com, ache@nagual.ru, guido@gvr.win.tue.nl,
    thorpej@nas.nasa.gov, phk@critter.tfs.com, freebsd-hackers@freebsd.org,
    tech-userlevel@netbsd.org
Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c
In-reply-to: Your message of "Fri, 18 Oct 1996 08:24:48 -0500 (CDT) ."
    <199610181324.IAA02709@brasil.moneng.mei.com>
Date: Fri, 18 Oct 1996 10:31:45 -0400
From: Bill Sommerfeld
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

This whole thread is silly.

The data in question (encrypted passwords) is stored in a certain file
which is mode 0600 owned by root.

It makes no sense to go to extreme measures to make it more protected
than that, especially since (in this case) the FTP server presumably
just received the (infinitely more dangerous) *plaintext* password in
the clear over the net. It's probably still lurking about in the stdio
buffers...

Now, if you're using ftp with s/key or kerberos, maybe ftpd should be
fixed so that it only tries to fetch the unexpurgated passwd entry if
a plaintext password is sent..

- Bill