Somewhere on this list in the last few days someone said proftpd was "a mess" but never said why, or wether this "mess" was security related. Could the poster elaborate please?? And VSFTPD?? Any opinions on that one? -- _________________________________ John Andersen / Juneau Alaska
I did. Proftpd is nice to configure, but in serious, desperate need of a massive code audit, or a complete rewrite. It has had many many security bugs, the code is not very well written and it hasn't really been audited. I used to use it and then gave up when the security bugs started rolling through. If you think this is the last get root remotely via anonftp or a user account bug in wuftpd you are mistaken. VSFTPD is what I use, and from the 1.0.0 announcement apperently redhat uses it too (14,000 concurrent logins across their ftp pool or somesuch). RedHat doesn't ship it though, rpm's are just available last week from some guy. Why do vendors ship us crap they don't use? grumblegrumble. -Kurt
participants (2)
-
John Andersen
-
Kurt Seifried