
Re: root access via FTP



I think my Mac is compromised, if the client can do this, or at
least screwed up. I have had my email password change twice without my
prompting.

My userid is not 0, root has 0 as a userid.

The "right" login should be "sargebox:jpg" (and always has been until
now). "sargebox:root" is the "wrong" login.

Cheers,
JP


On Thu, 10 Feb 2005 16:14:38 -0500, Justin Pryzby
<justinpryzby@users.sourceforge.net> wrote:
> On Thu, Feb 10, 2005 at 09:58:59PM +0100, JP Glutting wrote:
> > The ftp server is wu-ftpd. I am using the OS X ftp client.
> >
> > I ran debsums, and noticed that my /etc/login.defs file does not match.
> >
> > I have been seeing some odd things happening on my Mac, but I don't
> > see how this could be a client behavior.
> I'm 99% sure that it is the client.  Try running ethereal if you like;
> the ftp server certainly is not saying "220 Please log in as root".
> 
> > the prompt when I use ftp is Name (sargebox:root)
> >
> > I just tried it again, and it gave me the proper login. But I did try
> > it three times and got the wrong one. I could not be accidentally
> Proper means "sargebox:username" and wrong means "sargebox:root"?
> 
> > logged in as "root" on the Mac, because I have root disabled.
> What is your userid?  If it's 0, that would explain it.
> 
> Justin
> 
> > On Thu, 10 Feb 2005 15:07:37 -0500, Justin Pryzby
> > <justinpryzby@users.sourceforge.net> wrote:
> > > I just reread your subject.  You're "offered" a root ftp login?  What
> > > program?
> > >
> > > Justin
> > >
> > > On Thu, Feb 10, 2005 at 03:04:39PM -0500, Justin Pryzby wrote:
> > > > On Thu, Feb 10, 2005 at 08:59:34PM +0100, JP Glutting wrote:
> > > > > For some reason, when I log into Sarge, I am offered to login as root
> > > > > by default. Up until today, I was offered to login with my username. I
> > > > Offered?  I take it you are using {k,g,x}dm?
> > > >
> > > > > am surprised by this, since I thought root logins were turned off by
> > > > > default.
> > > > >
> > > > > Has anyone else noticed this?
> > > > I hadn't, but someone was complaining that they couldn't log into root
> > > > from kdm, so I, too, am surprised.


