Skip to content

Srange code in ftpd.c if your password begins with a minus

January 20, 2006

A colleague of mine had a call from a customer who claimed that if their password began with a ‘-‘ they could login fine bug could not use ftp(1). Now no sniggering at the back about using sftp(1).

So a few seconds with the source leads me to here and these lines of code in ftpd.c:

 	if (*passwd == ‘-‘) 	    passwd++; 

Now this just smacks of some bizarre UNIX folklore from the dim and distant past, I suspect passing the password on a command line (yuck) but have no idea what it is.

If you know or have a plausible or amusing theory let me know.

Nice simple work around, if your password begins with a “-” enter two “-” at instead of one. Actually using sftp(1) is a much better workaround.

Tags: topic:[solaris] topic:[ftp] topic:[password]


From → Solaris

  1. RTFM, Chris. From in.ftpd(1M):
    A user whose FTP client hangs on a long reply, for example, a multiline response, should use a dash (-) as the first character of the user’s password, as this disables the Server’s lreply() function.

  2. Thanks Brian. That really is a disgusting user interface. So the bug is that ftpd.c should check that the user’s password
    does not begin with a “-” before doing this check.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: