- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: ftpd exploits
- From: Al Lipscomb <arl_(_at_)_q7_(_dot_)_net>
- Date: Wed, 20 Dec 2000 22:16:26 -0500
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org

For the second time in the last twelve months the ftp daemon has been found
to have an exploit. One can understand the attention that a black-hat would
give this code as it is often a required service to run at sites that must
exchange data with others.

My first thoughts involved replacing the standard daemon with something like
publicfile (http://cr.yp.to/publicfile.html) but that would not solve the
problem faced by admins who needed the ability to accept files using ftp.

Would it be worth the effort to build a daemon that used its own name/password
file for authentication and ran with permissions other than root?

The Libertarian Party does not have the answers to all of your problems...
But they are at least honest enough to say so.
AA4YU http://www.beekeeper.org http://www.q7.net