Re: ProFTP Forever Broken? (was Re: oBSD ftpd query)



At 04:17 PM 9/16/99 -0600, Theo de Raadt wrote:
>> I rather suspect I'm going to have to break down and do same.  My FTP box
>> runs FreeBSD though.  The ProFTP folks have been scrambling to close one
>> hole after another for the past couple weeks.  Seems like the Dutch Boy
>> with his finger in the Dike syndrome.  I read somewhere that it was
>> doubtful ProFTP would ever be secure without a total rewrite/redesign of the
>> code, which is a shame because it is otherwise way cool.  Any of you
>> security gurus have an opinion on this?
>
>My opinion is that, seeing as they've not done a proactive audit
>(which means, sit down for three weeks and LEARN secure coding from
>scratch), it's the wrong daemon to run.
>
>At least Eric finally got to the point where he learned to be proactive
>with regards to sendmail.  These guys have not grabbed the clue stick yet.
>

So what might you suggest that I can run on my FreeBSD box, wu-ftp?  I dig
the mod_mysql integration of ProFTP, but am unaware of how to implement
something like this on my own and I don't know C.  Really nice to not
authenticate via UNIX passwords though...

Ciao--Ken
http://www.y2know.org/safari/

The package said "Requires Win95/NT or better", so I installed it on
OpenBSD;)