[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ftpd exploits

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: ftpd exploits
From: Al Lipscomb <arl_(_at_)_q7_(_dot_)_net>
Date: Wed, 20 Dec 2000 22:16:26 -0500
Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org

For the second time in the last twelve months the ftp daemon has been found
to have an exploit. One can understand the attention that a black-hat would
give this code as it is often a required service to run at sites that must
exchange data with others. 

My first thoughts involved replacing the standard daemon with something like
publicfile (http://cr.yp.to/publicfile.html) but that would not solve the
problem faced by admins who needed the ability to accept files using ftp.

Would it be worth the effort to build a deamon that used its own name/password
file for authentication and ran with permissions other than root?



-- 
|
The Libertarian Party does not have the answers to all of your problems...
But they are at least honest enough to say so. 
AA4YU http://www.beekeeper.org http://www.q7.net

Prev by Date: Re: Samba and IPSec?
Next by Date: Really a bug ?
Previous by thread: Printing woes.
Next by thread: Really a bug ?
Index(es):
- Date
- Thread

Visit your host, monkey.org