Red Hat Bugzilla – Bug 3393
anonymous ftp check too late
Last modified: 2008-05-01 11:37:50 EDT
The wu-ftpd-2.5 "update" rpm (presumably applies to rh 6.0 as well, but 5.2's what I've got running at the moment) introduces anomalous behaviour in the case of prohibited anonymous ftp login, compared to the previous "update" rpm (2.4.2b18-2.1). The old behaviour (illustrated second, below) is far superior. Both machines lack the "ftp" user in the password file (but ftp is used to user accounts from within our network which we believe is secure). % ftp cronus.dgp.toronto.edu Connected to cronus.dgp.toronto.edu. 220 cronus.dgp FTP server (Version wu-2.5.0(1) Tue Jun 8 11:19:44 EDT 1999) ready. Name (cronus.dgp.toronto.edu:ajr): anonymous 331 Guest login ok, send your complete e-mail address as password. Password: 530 Login incorrect. Login failed. ftp> quit 221 Goodbye. % ftp cerberus.dgp.toronto.edu Connected to cerberus.dgp.toronto.edu. 220 cerberus.dgp FTP server (Version wu-2.4.2-academ[BETA-18](1) Mon Jan 18 19:19:31 EST 1999) ready. Name (cerberus.dgp.toronto.edu:ajr): anonymous 530 User anonymous unknown. Login failed. Remote system type is UNIX. Using binary mode to transfer files. ftp> quit 221 Goodbye. %
This issue has been forwarded to a developer for further action.
There were numerous aguments about people probing various sites for valid accounts using ftp, so the maintainers changed that to have a more conservative behavior. There are pros and cons for either side...