tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

stop exposing usernames in ftp(1)?



In this day and age there's no real reason to expose valid local user
names to ftp servers, and some risk that doing so will attract spam.
So I think it's time we stopped doing so. The following patch makes
the anonftp password always "anonymous@".


--- main.c      10 May 2008 00:05:31 -0000      1.109
+++ main.c      7 Jun 2008 22:35:28 -0000
@@ -475,7 +475,6 @@
                if (localhome == NULL && !EMPTYSTRING(pw->pw_dir))
                        localhome = ftp_strdup(pw->pw_dir);
                localname = ftp_strdup(pw->pw_name);
-               anonuser = localname;
        }
        if (netrc[0] == '\0' && localhome != NULL) {
                if (strlcpy(netrc, localhome, sizeof(netrc)) >= sizeof(netrc) ||


-- 
David A. Holland
dholland%netbsd.org@localhost


Home | Main Index | Thread Index | Old Index