stop exposing usernames in ftp(1)?

To: tech-userlevel%netbsd.org@localhost
Subject: stop exposing usernames in ftp(1)?
From: David Holland <dholland-tech%netbsd.org@localhost>
Date: Sat, 30 Aug 2008 17:08:34 +0000

In this day and age there's no real reason to expose valid local user
names to ftp servers, and some risk that doing so will attract spam.
So I think it's time we stopped doing so. The following patch makes
the anonftp password always "anonymous@".


--- main.c      10 May 2008 00:05:31 -0000      1.109
+++ main.c      7 Jun 2008 22:35:28 -0000
@@ -475,7 +475,6 @@
                if (localhome == NULL && !EMPTYSTRING(pw->pw_dir))
                        localhome = ftp_strdup(pw->pw_dir);
                localname = ftp_strdup(pw->pw_name);
-               anonuser = localname;
        }
        if (netrc[0] == '\0' && localhome != NULL) {
                if (strlcpy(netrc, localhome, sizeof(netrc)) >= sizeof(netrc) ||


-- 
David A. Holland
dholland%netbsd.org@localhost

Follow-Ups:
- Re: stop exposing usernames in ftp(1)?
  - From: Steven M. Bellovin

Prev by Date: RFC - add snscanf(3) to stdio
Next by Date: Re: stop exposing usernames in ftp(1)?
Previous by Thread: RFC - add snscanf(3) to stdio
Next by Thread: Re: stop exposing usernames in ftp(1)?
Indexes:

Home | Main Index | Thread Index | Old Index