[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ProFTP 1.2.0pre4 patch in CVS tree (terminates on signal 11)
Chris Cappuccio <email@example.com> wrote:
> Unless you really need a feature provided by ProFTPD that isn't provided by
> OpenBSD's ftpd (see the ftpd man page for a list of these), you are better
> off going with the OpenBSD ftpd, as it has been audited for security! The
> recent problems with ProFTPD show that it has not received any such auditing.
Personally I am absolutely appalled by ProFTPd, which as far as I am aware
is a *new* project written entirely from scratch. There is absolutely no
excuse for trivial buffer overruns in a new project, and the fact that
it has had repeated trivial security holes for me makes the entire project
a total waste of time.
\/ Jon Ribbens / firstname.lastname@example.org