[435] in linux-security and linux-alert archive
Slackware ftpd wrap-up
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Fri Oct 27 19:43:16 1995
From: okir@monad.swb.de (Olaf Kirch)
To: linux-security@tarsier.cv.nrao.edu
Date: Fri, 27 Oct 1995 22:55:06 +0100 (MET)
-----BEGIN PGP SIGNED MESSAGE-----
Hi all,
there have been a large number of followups concerning the `hole' in
Slackware's ftp configuration, stating that:
* Slackware 3.0 comes with wu-ftpd
* Both wu-ftpd and diku-ftpd do not use ~ftp/etc/passwd to
authenticate users.
Thanks go to the following people (whose postings I did not approve):
Tudor Popescu (root@ts.pcnet.ro)
Matt Sommer (mms@elwha.eveergreen.edu)
James W. Abendschau (jwa@ecosys.nbs.nau.edu)
Matti Aarnio (mea@utu.fi)
Dan (root@sasami.anime.net)
Cheers
Olaf
PS: Note that while most ftpd's use ~ftp/etc/passwd only for the mapping
of uid's, you should not take this as a natural law. For instance, HP's
ftpd allows anonymous users to re-authenticate themselves based on this
file.
- --
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
For my PGP public key, finger okir@brewhq.swb.de.
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQCVAgUBMJFVKuFnVHXv40etAQFMGAP/VcOPbMCwUk9R2q+zsPhhLLDPEcqQIQ6S
OzUCG4qmFEuud0H0SwF9XDEyNZkmkZS+lgtE3llWal7SXwqcWSrja61+AubuC+bB
Y5/lunBq/BtQu3EdJliaqK20z1ODHcQQ+DYL17QZhlkc0r3tNqn3LEus5as12Wfe
P/Zso9HjkRE=
=2XWK
-----END PGP SIGNATURE-----
