[Bug 280915] libfetch: Change default FTP password to anonymous@anonymous

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 18 Aug 2024 21:37:22 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280915

            Bug ID: 280915
           Summary: libfetch: Change default FTP password to
                    anonymous@anonymous
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: mallorya@fastmail.com

Created attachment 252900
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=252900&action=edit
libfetch: Change default FTP password to anonymous@anonymous

Current default behavior is to send username@hostname to any FTP server that
asks.

Leaking username and hostname to every FTP server should be opt-in, not opt-out.
Users desiring this behavior can set this variable:

```
FTP_PASSWORD=`whoami`@`hostname`
```

You can verify that `fetch(1)` sends username & hostname with the following two
commands:

```
doas pkg install netcat
echo -e '220\n331\n' | netcat -lp 8080
```

```
fetch -vv ftp://localhost:8080
```

See attached patch.

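
A listener that automates the check described in the report, as an added example that is not part of the original bug report or its attached patch: it plays the server side of the FTP login, records the client's USER and PASS lines, and reports whether the password carries the local user or host name. The function names, reply texts and the default port 8080 (taken from the report's netcat command) are choices made for this example.

```python
import getpass
import socket
import sys


def ftp_login_dialogue(conn, max_lines=8):
    """Play the server side of an FTP login and return the client's lines."""
    lines = []
    with conn.makefile("rb") as rfile:
        conn.sendall(b"220 audit listener\r\n")
        for _ in range(max_lines):          # bounded, so a chatty client cannot stall us
            raw = rfile.readline(512)
            if not raw:                     # client hung up
                break
            line = raw.decode("latin-1").rstrip("\r\n")
            lines.append(line)
            verb = line.split(" ", 1)[0].upper()
            if verb == "USER":
                conn.sendall(b"331 password required\r\n")
            elif verb == "PASS":
                conn.sendall(b"530 audit only, login refused\r\n")
                break
            else:
                conn.sendall(b"502 not implemented\r\n")
    return lines


def disclosed(lines, user, host):
    """Report whether the PASS argument carries the local user or host name."""
    short = host.split(".")[0].lower()
    for line in lines:
        verb, _, arg = line.partition(" ")
        if verb.upper() == "PASS":
            local, _, domain = arg.partition("@")
            return {
                "password": arg,
                "user": local == user,
                "host": bool(domain) and domain.lower() in (host.lower(), short),
            }
    return None                             # the client never sent PASS


if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8080
    with socket.create_server(("127.0.0.1", port)) as srv:
        conn, _ = srv.accept()
        with conn:
            seen = ftp_login_dialogue(conn)
    print(seen, disclosed(seen, getpass.getuser(), socket.gethostname()))
```

Run the listener and `fetch -vv ftp://localhost:8080` as the same user on the same host, since the comparison uses the listener's own user and host name.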