[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ProFTP Forever Broken? (was Re: oBSD ftpd query)
At 04:17 PM 9/16/99 -0600, Theo de Raadt wrote:
>> I rather suspet I'm going to have to break down and do same. My FTP box
>> runs FreeBSD though. The ProFTP folks have been scrambling to close one
>> hole after another for the past couple weeks. Seems like the Dutch Boy
>> with his finger in the Dike syndrome. I read somewhere that it was
>> doubtful ProFTP woud ever be secure without a total rewrite/redesign of the
>> code, which is a shame becasue it is otherwise way cool. Any of you
>> security guru's have an opinion on this?
>My opinion is that, seeing as they've not done a proactive audit
>(which means, sit down for three weeks and LEARN secure coding from
>scratch), it's the wrong daemon to run.
>At least Eric finally got to the point where he learned to be proactive
>with regards to sendmail. These guys have not grabbed the clue stick yet.
So what might you suggest that I can run on my FreeBSD box, wu-ftp? I dig
the mod_mysql integration of ProFTP, but am unaware of how to implement
something like this on my own and I don't know C. Really nice to not
authenticate via UNIX passwords though...
The package said "Requires Win95/NT or better", so I installed in on