[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ProFTP 1.2.0pre4 patch in CVS tree (terminates on signal 11)



Chris Cappuccio <chris@dqc.org> wrote:
> Unless you really need a feature provided by ProFTPD that isn't provided by
> OpenBSD's ftpd (see the ftpd man page for a list of these), you are better
> off going with the OpenBSD ftpd, as it has been audited for security!  The
> recent problems with ProFTPD show that it has not received any such auditing.

Personally I am absolutely appalled by ProFTPd, which as far as I am aware
is a *new* project written entirely from scratch. There is absolutely no
excuse for trivial buffer overruns in a new project, and the fact that
it has had repeated trivial security holes for me makes the entire project
a total waste of time.

Cheers


Jon
-- 
\/ Jon Ribbens / jon@oaktree.co.uk