From owner-freebsd-security@freebsd.org  Tue Sep 13 21:07:10 2016
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A52A2BD9AF9
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Tue, 13 Sep 2016 21:07:10 +0000 (UTC)
 (envelope-from rfg@tristatelogic.com)
Received: from outgoing.tristatelogic.com (segfault.tristatelogic.com
 [69.62.255.118]) by mx1.freebsd.org (Postfix) with ESMTP id 91C2B7D2
 for <freebsd-security@freebsd.org>; Tue, 13 Sep 2016 21:07:10 +0000 (UTC)
 (envelope-from rfg@tristatelogic.com)
Received: from segfault-nmh-helo.tristatelogic.com (localhost [127.0.0.1])
 by segfault.tristatelogic.com (Postfix) with ESMTP id 6673C3AEF8
 for <freebsd-security@freebsd.org>; Tue, 13 Sep 2016 14:07:09 -0700 (PDT)
From: "Ronald F. Guilmette" <rfg@tristatelogic.com>
To: freebsd-security@freebsd.org
Subject: ftpd leaks info which might be useful to an attacker
Date: Tue, 13 Sep 2016 14:07:09 -0700
Message-ID: <68595.1473800829@segfault.tristatelogic.com>
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Sep 2016 21:07:10 -0000


I've been moving all of my stuff over to a shiny new VM that I've
purchased, and in the process I am having to revisit various
configuration decisions I made 10 years ago or more.

One set of such decisions has to do with the following files:

    ~ftp/etc/group
    ~ftp/etc/pwd.db

Thinking about how the contents of these files affects the behavior of
the ftp DIR command caused me to realize that I actually would prefer
it if there were some some option available for ftpd which would cause
it to display only something like ---- where it currently attempts to
print either a user ID name or number or a group ID name or number.

I should perhaps mention that I'm using the -A option to ftpd, and that
thus, pretty much any Tom, dick, and harry on the whole Internet will
be able to log in (as anonymous) to my FTP server and then scrounge
around for intersting stuff.  I would kind of prefer if the stuff that
any such party could find would _not_ include actual user or group IDs,
or even numeric UIDs/GIDs.

So, um, anybody else agree that it might be Better if ftpd could be
coerced into not leaking this kind fo account information?