Mailinglist Archive: opensuse-security (511 mails)
Re: [suse-security] which ftpd?
- From: "Thomas Michael Wanka" <tm_wanka@xxxxxxxxxxxxx>
- Date: Wed, 22 Aug 2001 09:17:38 +0200
- Message-id: <3B8378B2.17017.10D904C6@localhost>
Hi,
On 21 Aug 2001, at 21:15, Roman Drahtmueller wrote:
> Guys, please show me a security bug in wuftpd-2.4 (the one that is
> installed as /usr/sbin/wuftpd in SuSE Systems) after Thomas Biege has
> made a full audit of it (2+ years ago, I think).
Security today is a strange thing, as one has to count in the
philosophical/psychological components too.
The problem is that this has been discussed on this list before, and
there was no real answer then. It is comparable to the sendmail
vs. qmail vs. something thing.
Security is not a monolithic structure. E.g. if someone uses ftp
behind a firewall with trusted users only, why should he care about
exploits? So if someone started to use a ftpd some time ago, he did
so after evaluating all alternatives, and from then on all he had to
care about was the security of "his" server.
So I think it was the best way to answer such requests in the future
with something: "Please check the homepages of all alternatives, and
check a list of security sites and make your own decision."
mike