From tep@SDSC.EDU Fri May 29 16:39:35 1998
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id QAA12665 for <bugs@RT-11.MIT.EDU>; Fri, 29 May 1998 16:39:35 -0400
Received: from postal.sdsc.edu by MIT.EDU with SMTP
id AA24322; Fri, 29 May 98 16:39:31 EDT
Received: from galt (g0ldSkVTA058Ep2cWQ6l2jpNVKhpglB+@galt.sdsc.edu [132.249.40.111])
by postal.sdsc.edu (8.8.8/8.8.8/SDSCserver-16) with SMTP id NAA03844
for <krb5-bugs@mit.edu>; Fri, 29 May 1998 13:39:28 -0700 (PDT)
Received: by galt (SMI-8.6/1.11-client)
id NAA13346; Fri, 29 May 1998 13:39:27 -0700
Message-Id: <199805292039.NAA13346@galt>
Date: Fri, 29 May 1998 13:39:27 -0700
From: Tom Perrine <tep@SDSC.EDU>
Reply-To: tep@SDSC.EDU
To: krb5-bugs@MIT.EDU
Subject: kftpd supports anonymous, but is not "strong"
X-Send-Pr-Version: 3.99
System: SunOS galt 5.5.1 Generic_103640-18 sun4u sparc SUNW,Ultra-1
Architecture: sun4
code, and does not have the features to support this well. The WU-FTPD
and the logdaemon ftpd are both better options.
This patch allows a site to force non-support of anonymous
FTP even if a host is mis-configured by either its owner or
an intruder.
This is a simple way to add defense in depth. Also, anonymous login
attempts to a Kerberos FTP server in fall-back mode might be a good tripwire.
diff -r src.original/appl/gssftp/ftpd/ftpd.c src/appl/gssftp/ftpd/ftpd.c
564a565,573
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id QAA12665 for <bugs@RT-11.MIT.EDU>; Fri, 29 May 1998 16:39:35 -0400
Received: from postal.sdsc.edu by MIT.EDU with SMTP
id AA24322; Fri, 29 May 98 16:39:31 EDT
Received: from galt (g0ldSkVTA058Ep2cWQ6l2jpNVKhpglB+@galt.sdsc.edu [132.249.40.111])
by postal.sdsc.edu (8.8.8/8.8.8/SDSCserver-16) with SMTP id NAA03844
for <krb5-bugs@mit.edu>; Fri, 29 May 1998 13:39:28 -0700 (PDT)
Received: by galt (SMI-8.6/1.11-client)
id NAA13346; Fri, 29 May 1998 13:39:27 -0700
Message-Id: <199805292039.NAA13346@galt>
Date: Fri, 29 May 1998 13:39:27 -0700
From: Tom Perrine <tep@SDSC.EDU>
Reply-To: tep@SDSC.EDU
To: krb5-bugs@MIT.EDU
Subject: kftpd supports anonymous, but is not "strong"
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 602
>Category: krb5-appl
>Synopsis: kftpd supports anonymous, but is not "strong"
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Fri May 29 16:40:01 EDT 1998
>Last-Modified:
>Originator: Tom Perrine
>Organization:
San Diego Supercomputer Center, San Diego CA>Category: krb5-appl
>Synopsis: kftpd supports anonymous, but is not "strong"
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Fri May 29 16:40:01 EDT 1998
>Last-Modified:
>Originator: Tom Perrine
>Organization:
Show quoted text
>Release: krb5-1.0.5
>Environment:
>Environment:
System: SunOS galt 5.5.1 Generic_103640-18 sun4u sparc SUNW,Ultra-1
Architecture: sun4
Show quoted text
>Description:
The kftpd supports anonymous login, but is based on rather oldcode, and does not have the features to support this well. The WU-FTPD
and the logdaemon ftpd are both better options.
This patch allows a site to force non-support of anonymous
FTP even if a host is mis-configured by either its owner or
an intruder.
This is a simple way to add defense in depth. Also, anonymous login
attempts to a Kerberos FTP server in fall-back mode might be a good tripwire.
Show quoted text
>How-To-Repeat:
Use kftp and log in as anonymous or ftp.Show quoted text
>Fix:
diff -r src.original/appl/gssftp/ftpd/ftpd.c src/appl/gssftp/ftpd/ftpd.c
564a565,573
Show quoted text
> #ifdef NOANONYMOUS
> reply(530, "User %s access denied.", name);
> if (logging)
> syslog(LOG_NOTICE,
> "ANONYMOUS FTP LOGIN REFUSED (not supported) FROM %s, %s",
> remotehost, name);
> pw = (struct passwd *) NULL;
> return; /* NOTE: cheap sleazy exit if we don't support ANONYMOUS */
> #else
573a583> reply(530, "User %s access denied.", name);
> if (logging)
> syslog(LOG_NOTICE,
> "ANONYMOUS FTP LOGIN REFUSED (not supported) FROM %s, %s",
> remotehost, name);
> pw = (struct passwd *) NULL;
> return; /* NOTE: cheap sleazy exit if we don't support ANONYMOUS */
> #else
Show quoted text
> #endif
574a585Show quoted text
>
Show quoted text
>Audit-Trail:
>Unformatted:
>Unformatted: