[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ProFTP 1.2.0pre4 patch in CVS tree (terminates on signal 11)



Actually, OpenBSD's ftpd will do that, just create a file /etc/ftpchroot
Any user in that file will be chroot'ed

Adding the -A option to ftpd will only allow connections from users in
/etc/ftpchroot

All of this is in the man page of course

ProFTPD's configuration is more flexible, but apparently at some expense...
(see bugtraq ;)

On Thu, 2 Sep 1999, Tor Houghton wrote:

 | 
 | I just liked the ability to chroot() every single user, that's all.. And
 | the config file wasn't so bad either.. Am I a bad person now? :-} ("People
 | will choose 'dancing pigs' over Internet security any day.")
 | 
 | Tor.
 | 
 | On Thu, 2 Sep 1999, Chris Cappuccio wrote:
 | 
 | > Unless you really need a feature provided by ProFTPD that isn't provided by
 | > OpenBSD's ftpd (see the ftpd man page for a list of these), you are better
 | > off going with the OpenBSD ftpd, as it has been audited for security!  The
 | > recent problems with ProFTPD show that it has not received any such auditing.
 | > 
 | > Anyways, this sig11 may be because of ProFTPD's bad handling of setproctitle
 | > 
 | > There is a patch floating around for it...
 | > 
 | > --- src/main.c.orig     Sun Aug 22 13:30:08 1999
 | > +++ src/main.c  Sun Aug 22 13:30:20 1999
 | > @@ -359,7 +359,7 @@
 | >    vsnprintf(statbuf, sizeof(statbuf) - 1, fmt, msg);
 | >  
 | >  #ifdef HAVE_SETPROCTITLE
 | > -  setproctitle(fmt,msg);
 | > +  setproctitle(statbuf);
 | >  #endif /* HAVE_SETPROCTITLE */
 | >  
 | >    va_end(msg);
 | 
 | 
 | 

---
I dress like a pimp
I walk with a limp
I see the Browns for free in
My low-rider blimp.