Re: root access via FTP
On Thu, Feb 10, 2005 at 10:24:58PM +0100, JP Glutting wrote:
> I think there my Mac is compromised, if the client can do this, or at
> least screwed up. I have had my email password change twice without my
> prompting.
Maybe, but I wouldn't make that conclusion based on the behaviour of
the ftp client.
Whatever the client does might be
wrong/buggy/inconvenient/unexpected/dumb/stupid/bad/mean or backwards,
but the server is still responsible for authentication, and having the
client default to "root" isn't a security hole (by itself, though it
might be considered security-unconscious, depending on the situation).
> My userid is not 0, root has 0 as a userid.
I asked because multiple accounts can have the same uid, and could
result in a "root" prompt even if your user is named otherwise.
> The "right" login should be "sargebox:jpg" (and always has been until
> now). "sargebox:root" is the "wrong" login.
So, the ftp client is acting inconsistently? *something* is happening
differently; do all of your xterms always act the same way (as that
same xterm)?
Justin
> On Thu, 10 Feb 2005 16:14:38 -0500, Justin Pryzby
> <justinpryzby@users.sourceforge.net> wrote:
> > On Thu, Feb 10, 2005 at 09:58:59PM +0100, JP Glutting wrote:
Reply to: