[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ProFTP 1.2.0pre4 patch in CVS tree (terminates on signal 11)
> Chris Cappuccio <email@example.com> wrote:
> > Unless you really need a feature provided by ProFTPD that isn't provided by
> > OpenBSD's ftpd (see the ftpd man page for a list of these), you are better
> > off going with the OpenBSD ftpd, as it has been audited for security! The
> > recent problems with ProFTPD show that it has not received any such auditing.
> Personally I am absolutely appalled by ProFTPd, which as far as I am aware
> is a *new* project written entirely from scratch. There is absolutely no
> excuse for trivial buffer overruns in a new project, and the fact that
> it has had repeated trivial security holes for me makes the entire project
> a total waste of time.
And I warn everyone -- it's going to happen again.... they are still not
proactive, and they still don't know how to even use strncpy()...