From owner-freebsd-security Thu Dec 4 07:26:41 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id HAA28928 for security-outgoing; Thu, 4 Dec 1997 07:26:41 -0800 (PST) (envelope-from owner-freebsd-security)
Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.91.116]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id HAA28886 for ; Thu, 4 Dec 1997 07:26:31 -0800 (PST) (envelope-from robert@cyrus.watson.org)
Received: from cyrus.watson.org (cyrus.pr.watson.org [192.0.2.4]) by fledge.watson.org (8.8.8/8.6.10) with SMTP id KAA07510; Thu, 4 Dec 1997 10:26:02 -0500 (EST)
Date: Thu, 4 Dec 1997 10:27:52 -0500 (EST)
From: Robert Watson
Reply-To: Robert Watson
To: Adam Shostack
cc: security@FreeBSD.ORG
Subject: Re: Possible problem with ftpd 6.00
In-Reply-To: <199712041054.FAA20091@homeport.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 4 Dec 1997, Adam Shostack wrote:

> Nolo contendere.
>
> I've long argued that FTP is brain dead and should be
> replaced. It has a host of misfeatures (the TCP connection back to
> the client causes uncountable headache for firewall builders, the site
> exec mechanism is just not a good idea, etc).
>
> So please don't read it as a serious suggestion that we change
> the FTP daemon to fix this problem, but as an appeal to not design
> protocols that ask for ID for anonymous connection.

I think there is a general trend, given SASL, etc, for servers to not be
able to accept more information during an Anonymous authentication.
However, it is interesting to note that Pine, when making an Anonymous
IMAP4 connection, still requires a password from the user. It doesn't
matter what you enter, but it still seems to want it. (Perhaps this is a
function of the CMU Cyrus server, in which case I should go thwack
someone here.)

Given that an increasing number of FTP clients are now Web Browsers doing
anonymous FTP, I think the problem that you point out may be diminishing
in effect. A number of GUI clients now just have username/password
fields, or a checkbox to make the connection anonymous, in which case it
disables those fields. Sounds like a good idea to me. Similarly, ncftp
performs an automatic anonymous login unless you specify otherwise. On
the other hand, the normal ftp client I would rather not touch in this
manner :).

Robert N Watson

Carnegie Mellon University            http://www.cmu.edu/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/