From: ziplock@yabbs
To: htoaster@yabbs
Subject: re: bsd386 & security.
Date: Sun Feb 14 22:59:05 1993

In message re: bsd386 & security., htoaster said:
> You can't.  For one thing, anon ftp is chrooted to another directory, so you
> can't even get to the real "/etc" directory, just the /etc off of the ftp
> tree.  For another thing, the whole point of shadowing is too make it so
> that you can't get to the shadow file without user 0 (root) privs.

Plus I found out that under 386bsd all requests for /etc/pwd.db are
piped to console as an error message.  Since I have an ftp site
running on my system, I put up the wuarchive ftpd and with the error
message date/time and the wuarchive xferstats log I determined the
user account and system that the request came from.ÿ