Subject: bin/12602: command-line option to apply ftpusers(5) rules after USER instead of PASS
To: None <email@example.com>
From: None <firstname.lastname@example.org>
Date: 04/10/2001 16:37:29
>Synopsis: want command-line option to apply ftpusers(5) rules after USER instead of PASS
>Arrival-Date: Tue Apr 10 14:40:00 PDT 2001
>Originator: Rob Windsor
Nose Pickers Anonymous
System: NetBSD dasher 1.5.1_ALPHA NetBSD 1.5.1_ALPHA (DASHER) #17: Sun Mar 25 11:00:53 CST 2001 windsor@dasher:/usr/src/sys/arch/i386/compile/DASHER i386
In a hostile environment (sniffers on the wire), ftpusers(5) rules
being applied after PASS effectively becomes useless in the effort
to forbid your userbase from using ftp to transfer files since they
will not be rejected until after their password has been submitted
(out in the clear).

I would like to see a flag added to ftpd such that the ftpusers(5)
rules are applied between USER and PASS instead of after PASS.

Have someone sniff your account password because you forgot that
this particular ftpd isn't for you.

Sorry, I'm not a coder.

I was asked to send this PR after discussing this with another
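
The ordering requested in this report, as an added example that is not part of the original PR and is not NetBSD ftpd code: a minimal C model of the USER/PASS exchange in which a hypothetical `check_at_user` switch decides whether the deny list is consulted before the client is asked for a password. The deny list, user names and password are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed deny list standing in for ftpusers(5) rules. */
static const char *denied[] = { "root", "operator", NULL };

static int is_denied(const char *user) {
    for (int i = 0; denied[i] != NULL; i++)
        if (strcmp(denied[i], user) == 0) return 1;
    return 0;
}

/* check_at_user is a hypothetical switch, not a real ftpd option. */
struct session { int check_at_user; int rejected; char user[32]; };

/* Process one command and return the reply code the server would send. */
int handle(struct session *s, const char *verb, const char *arg) {
    if (strcmp(verb, "USER") == 0) {
        snprintf(s->user, sizeof s->user, "%s", arg);
        s->rejected = is_denied(arg);
        if (s->rejected && s->check_at_user)
            return 530;   /* refused before any password is requested */
        return 331;       /* password required: client sends PASS next */
    }
    if (strcmp(verb, "PASS") == 0) {
        if (s->user[0] == '\0') return 503;   /* PASS without USER */
        if (s->rejected) return 530;          /* refused either way */
        return 230;       /* password verification omitted in this model */
    }
    return 500;
}

/* Returns 1 when a user who ends up refused was still asked for a
   password, i.e. the password crossed the wire in cleartext for nothing. */
int password_exposed(int check_at_user, const char *user) {
    struct session s = { check_at_user, 0, "" };
    if (handle(&s, "USER", user) != 331) return 0;   /* client stops at 530 */
    return handle(&s, "PASS", "constructed-password") == 530;
}

int main(void) {
    printf("check after PASS: exposed=%d\n", password_exposed(0, "root"));
    printf("check after USER: exposed=%d\n", password_exposed(1, "root"));
    return 0;
}
```

Refusing at USER time also tells the client which names are on the deny list, which is the trade-off of the early check.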