[321] in linux-security and linux-alert archive
Re: wu-ftp - visible passwords.
daemon@ATHENA.MIT.EDU (Joseph S. D. Yao)
Mon Aug 14 16:59:08 1995
Date: Mon, 14 Aug 1995 11:01:52 -0400
From: "Joseph S. D. Yao" <jsdy@cais.cais.com>
To: okir@monad.swb.de
Cc: dtscott@scott.net, linux-security@tarsier.cv.nrao.edu
> [mod: I don't see this as a real problem, but it maight interest
> some of you nevertheless. Followups to Derric, please. --okir]
Okir,
Since this is meta-discussion about the problem, rather than discussion
about the problem, I'm leaving in the CC to the group, which will
happen at your discretion or not anyway.
I'm afraid that I must disagree with your evaluation. A person's
password is the key to his or her kingdom. This is not a real problem
if (a) it only has to do with anonymous FTP, or (b) it only happens on
a privately-used machine, where the password is available to the user
or users anyway. However, consider the situation where you might have
an account on ftp.uu.net, and use it to do some file transfers; and
because of that use, I am able to use your account and gain access to
something to which I should not have access. In this situation, which
perhaps you did not consider, I suggest that there would be a real
problem. This is at least as much a problem as any of the other
problems with wu-ftp that we've discussed at length.
At least, IMHO.
Joe Yao jsdy@cais.com - Joseph S. D. Yao
