
Re: ProFTP Forever Broken? (was Re: oBSD ftpd query)



> I rather suspect I'm going to have to break down and do same.  My FTP box
> runs FreeBSD though.  The ProFTP folks have been scrambling to close one
> hole after another for the past couple weeks.  Seems like the Dutch Boy
> with his finger in the Dike syndrome.  I read somewhere that it was
> doubtful ProFTP would ever be secure without a total rewrite/redesign of the
> code, which is a shame because it is otherwise way cool.  Any of you
> security gurus have an opinion on this?

My opinion is that, seeing as they've not done a proactive audit
(which means, sit down for three weeks and LEARN secure coding from
scratch), it's the wrong daemon to run.

At least Eric finally got to the point where he learned to be proactive
with regards to sendmail.  These guys have not grabbed the clue stick yet.