Re: WU-FTPD

[hayward () SLOTHMUD ORG (hayward () SLOTHMUD ORG)]

Doesn't wu-ftpd use the /home/ftp/etc/passwd file for this information,
after doing a chroot during anonymous ftp?

In which case, this is more of a configuration issue rather than a wu-ftpd
issue?  Because it depends on what you put in /home/ftp/etc/passwd.

--
Brian Hayward
http://www.slothmud.org/~hayward/mic_humor.html

On Fri, 12 Nov 1999, Mnemonix wrote:

> There's feature of the WU-FTP daemon  (Version 2.4.2 tested as well as
 earlier versions) (http://www.academ.com/academ/wu-ftpd/) that allows a
 remote user to workout what flavour of UNIX the ftp server is running on.
 When using the cd (CWD) command to a user accounts home directory (cd
 ~user) the WU-FTPD will reveal the accounts physical path if the account
 is a built in standard account such as root or games or uucp etc. For
 non-standard accounts it calims not to know the user:
> ftp> cd ~mail
> 550 /var/spool/mail: No such file or directory.
> ftp> cd ~games
> 550 /usr/games: No such file or directory.
> ftp> cd ~root
> 550 /root: No such file or directory.
> ftp> cd ~guest
> 550 Unknown user name after ~
> ftp> cd ~jsmith
> 550 Unknown user name after ~
> ftp> cd ~nobody
> 550 /dev/null: No such file or directory.
>
> Knowing what accounts exist on what flavour of UN*X allows a remote user to can then say with a high degree of 
> certainty that they're dealing with a specific platform.
>
> Cheers,
> David Litchfield
> http://www.infowar.co.uk/mnemonix/
> Cerberus Information Security
> +44(0)181 661 7405