Re: Proftp 1.2.0pre6


From: Paul J. Schinder (schinder@pobox.com)
Date: Tue Sep 21 1999 - 20:22:33 MDT


At 10:10 PM -0400 9/21/99, Rich Lafferty wrote:

>Quoting Benjamin Karas (bjk4@po.cwru.edu) from Tue, Sep 21, 1999 at
>09:37:55PM -0400:
> > Given that Proftp and wuftp, two of the more common ftp servers around
> > right now, both have bugs and exploits running around, what kind of ftp
> > server do you suggest I run? I don't want to play catchup with the bug
> > lists forever.

OK, somebody please tell me what's "running around" for wu-ftpd that
wasn't fixed last week by the patch they issued. I haven't seen
anything on BUGTRAQ since then about wu-ftpd, while the proftpd
exploits arrive there within minutes of the new releases.

>
>If you don't need anonymous ftp, I'd recommend the 'stock' ftpd; I
>don't know if there's an RPM for it, but it's an easy build. (It's
>the openbsd ftpd.)

Is it PAMified so that I can at least use opie? I don't let my real
password go in the clear, ever. One reason I like wu-ftpd is that
it's so easy to add in s/key support, and Fetch on MacOS supports
that nicely.

>
>If you do need anonftp, then Dan Bernstein (of Qmail fame) has an
>anon-only ftp daemon which is a textbook example of security by
>simplicity.

The only thing to be aware of is that Dan uses his own way of doing
directory listings. It's very easy to parse, and it's supported by a
lot of common clients (both lynx and Netscape, IIRC), but not by all.
People sometimes have trouble with it.

>
>I don't have URLs handy, but I posted both about a week ago when the
>ProFTPD rpms were released, so it'll be in the archive.

Dan's should be at his site: <http://pobox.com/~djb/>

>
> -r.
>
>
>--
>------------------------------ Rich Lafferty ---------------------------
> Sysadmin/Programmer, Information and Instructional Technology Services
> Concordia University, Montreal, QC (514) 848-7625
>------------------------- rich@alcor.concordia.ca ----------------------

-----
Paul J. Schinder
schinder@pobox.com


