[428] in linux-security and linux-alert archive
Re: slackware 3.0 bad hole
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Thu Oct 26 15:54:00 1995
From: okir@monad.swb.de (Olaf Kirch)
To: linux-security@tarsier.cv.nrao.edu
Date: Wed, 25 Oct 1995 12:22:04 +0100
Jean-Luc Duprat wrote:
> I've just finished installing slackware 3.0 from the Walnut Creek cdrom and to
> my horror I saw that in ~ftp/etc the password file has root with no password:
Whether this is really a security problem depends on the ftpd you're
using. wu-ftpd will not allow sub-logins from within the guest account.
(Neither will it let you log into passwordless accounts, even if they
appeared in /etc/passwd).
So the question is which ftpd is Slackware using?
Olaf
