From owner-freebsd-hackers Tue Nov 25 16:50:11 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id QAA23399 for hackers-outgoing; Tue, 25 Nov 1997 16:50:11 -0800 (PST) (envelope-from owner-freebsd-hackers) Received: from word.smith.net.au (vh1.gsoft.com.au [203.38.152.122]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id QAA23383 for ; Tue, 25 Nov 1997 16:50:02 -0800 (PST) (envelope-from mike@word.smith.net.au) Received: from word (localhost [127.0.0.1]) by word.smith.net.au (8.8.7/8.8.5) with ESMTP id LAA01546; Wed, 26 Nov 1997 11:15:26 +1030 (CST) Message-Id: <199711260045.LAA01546@word.smith.net.au> X-Mailer: exmh version 2.0zeta 7/24/97 To: warpy cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Possible problem with ftpd 6.00 In-reply-to: Your message of "Tue, 25 Nov 1997 09:58:56 +1100." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 26 Nov 1997 11:15:25 +1030 From: Mike Smith Sender: owner-freebsd-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk (redirected to -hackers, as this is not really appropriate for -security) > This morning I noticed something I didn't think should be happening. That > being the password being used by an anonymous user logging into ftp > showing up in the process list. This is intentional, as it provides a possibly useful piece of information. > However this did not happen when I logged > in as a normal user. Obviously there isn't much upon first glance that can > be done to exploit it (at least I think so), but does it need to occur at > all? What possible problems can you see with it? mike