WARNING!

Michael Meissner meissner at osf.org
Thu Apr 11 07:53:14 AEST 1991


In article <26520 at adm.brl.mil> anamaria at saffron.wpd.sgi.com (Ana Maria
De Alvare') writes:

| I want to make it clear that a person can have access to someone's machine's
| password file through the internet without having any accounts directly
| related to that person.  For example, through the ftp anonymous service,
| I can copy a password file over.  This scenario is considered access to
| the remote machine in question.  However, public anonymous access to a
| remote machine is not being thought of as authorizing anonymous browsing
| and copying over files other than the ones explicitly published with
| the ftp anonymous procedures.  In other words, ftp anonymous access is not
| looked at as individual access rights.  So beware, system administrators, to
| curtail the amount of access you give away to ftp anonymous services.

Ummm, unless you wrote your own ftpd, the standard BSD one explicitly
chroot's anonymous FTP requests to the logon directory of the user
'ftp'.  In every system manual, where I've seen how to set up
anonymous FTP, it mentions this, and tells the system manager never to
make the logon directory be '/'.

--
Michael Meissner	email: meissner at osf.org		phone: 617-621-8861
Open Software Foundation, 11 Cambridge Center, Cambridge, MA, 02142

Considering the flames and intolerance, shouldn't USENET be spelled ABUSENET?
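
The check the reply above describes (the home directory of user 'ftp' must never be '/'), written out as an added example that is not part of the original post. The passwd entries, function names and result strings are constructed for illustration, and the check goes slightly beyond a literal '/' by also catching spellings that collapse to the root directory.

```python
import posixpath

# Constructed sample passwd entries (not from the original post).
SAMPLE_PASSWD = """\
root:*:0:0:Charlie Root:/:/bin/csh
ftp:*:99:99:anonymous ftp:/usr/ftp:/bin/false
"""


def ftp_home(passwd_text, user="ftp"):
    """Return the home directory field of `user`, or None if no such entry."""
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # name:passwd:uid:gid:gecos:home:shell
        if len(fields) >= 7 and fields[0] == user:
            return fields[5]
    return None


def audit_anonymous_ftp(passwd_text):
    """Classify the directory an anonymous session would be chroot'ed to."""
    home = ftp_home(passwd_text)
    if home is None:
        return "no-ftp-account"      # no 'ftp' user, nothing to chroot to
    if not home.startswith("/"):
        return "not-absolute"        # empty or relative home field
    # Lexical check only: normpath collapses '/.', '/..' and 'dir/..',
    # and keeps a leading '//' as-is. It does not follow symlinks, so a
    # symlink that points at '/' has to be checked on the host itself.
    if posixpath.normpath(home) in ("/", "//"):
        return "chroot-is-root"      # anonymous users would see the real /etc/passwd
    return "ok"


if __name__ == "__main__":
    print(audit_anonymous_ftp(SAMPLE_PASSWD))
```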


