ProFTPD Configuration Problem
Hi,

I have tested proftpd on a SuSE 7.3 box. I have got some problems with downloads via internet browser. It seems to be the problem that the files, e.g. ZIP, will be downloaded as ASCII files. Is it possible to configure binary data transfer per default for a specific user in the user section of proftpd.conf?

Thanks for advice.
Stefan
On Feb 6, Stefan.Junge@ssi-schaefer.de
> I have tested proftpd on a SuSE 7.3 box.

First: SuSE 7.3 is not maintained by SuSE anymore. I would recommend you to upgrade!

Second: ProFTPD has been removed from newer SuSE distributions because it has been found to be insecure several times. The recommended FTPD at the moment is vsftpd (very secure ftpd). It is also included with current SuSE versions.
So my advice is: Upgrade your SuSE, get a new FTPD and tell us if it works :)

Markus

PS: Don't use ftp for uploads/authenticated login, because all passwords are transmitted in cleartext!

-- 
__________________           /"\
Markus Gaugusch              \ /    ASCII Ribbon Campaign
markus(at)gaugusch.at         X     Against HTML Mail
                             / \
Markus Gaugusch wrote:
| Second: ProFTPD has been removed from newer SuSE distributions because it
| has been found to be insecure several times.

Too bad :-( Linux-kernel has been found insecure many more times, but it's not a reason to remove linux-kernel from SUSE distro.

-- 
Boris B. Zhmurov
DialogueScience, Inc. Technical department.
40 Vavilova St., Moscow, 119991, Russia
Tel.: (+7-095) 137-0150, 135-6253
HTTP://www.antivir.ru FTP://ftp.antivir.ru
"wget http://bb.dials.ru/bb_public_key.pgp -O - | gpg --import"
On Feb 6, Boris B. Zhmurov
> Markus Gaugusch wrote:
> | Second: ProFTPD has been removed from newer SuSE distributions because it
> | has been found to be insecure several times.
>
> Too bad :-( Linux-kernel has been found insecure many more times, but it's not a reason to remove linux-kernel from SUSE distro.

Comparing the complexity of the kernel with a simple thing like an FTP daemon is not really what I call good argumentation ... Also, I can't remember any _remotely_ exploitable bug in kernel, which is again something different compared with an ftpd.
Markus
Markus Gaugusch wrote:
| Comparing the complexity of the kernel with a simple thing like an FTP
| daemon is not really what I call good argumentation ...

Ok, apache vs proftpd, or sendmail vs proftpd, or pptpd vs proftpd, or mysql vs proftpd, or named vs proftpd? Is that argumentation? :)

| Also, I can't remember any _remotely_ exploitable bug in kernel, which is
| again something different compared with an ftpd.
| Markus

Hmm, what do you call a "_remotely_" kernel bug? You think that do_brk() or memremap() is not a remotely kernel bug? You are wrong, unfortunately! Apache + PHPBB (or other message board with bugs) + do_brk() = voila, _remotely_ and exploitable kernel bug!

-- 
Boris B. Zhmurov
On Fri, Feb 06, 2004 at 02:21:45PM +0300, Boris B. Zhmurov wrote:
> Markus Gaugusch wrote:
> | Comparing the complexity of the kernel with a simple thing like an FTP
> | daemon is not really what I call good argumentation ...
>
> Ok, apache vs proftpd, or sendmail vs proftpd, or pptpd vs proftpd, or mysql vs proftpd, or named vs proftpd? Is that argumentation? :)
Look, there are replacement ftp servers for proftpd with which you don't lose that much. Thus intensive efforts by the security team are not worthwhile for that product. This does not apply to the other products:

- apache is _the_ web server
- sendmail could be replaced in principle and is done as the default MTA, but it is a standard implementation many people want to have
- pptpd does not have the flaw in the implementation, but in the protocol; if someone wants or must use that protocol for some reason, he has to live with the problems, no replacement available
- databases are _too_ different to easily replace mysql with alternatives, and btw. the alternatives most likely have similar problems
- named, like apache, is _the_ standard product in its field

Robert

-- 
Robert Schiele Tel.: +49-621-181-2517
Dipl.-Wirtsch.informatiker mailto:rschiele@uni-mannheim.de
On Friday, 6 February 2004 10:11 wrote
> I have tested proftpd on a SuSE 7.3 box. I have got some problems with downloads via internet browser. It seems to be the problem that the files, e.g. ZIP, will be downloaded as ASCII files. Is it possible to configure binary data transfer per default for a specific user in the user section of proftpd.conf?
First, allow me just one comment: in the last three years there has been one remote exploit for ProFTPD. This one was handled by the ProFTPD core team within several hours. When SuSE made the decision to drop ProFTPD from the distribution, there had been NO security holes for more than two years. The discussion I had with SuSE about it ended more in "well, we already have X FTP servers on our DVD, why bother with another one".

To your question: http://www.proftpd.org/docs/directives/linked/config_ref_DefaultTransferMode...

cu
stonki

-- 
www.stonki.de: the more I see, the more I know.......
www.proftpd.de: German ProFTPD documentation
www.krename.net: The batch renamer for KDE
www.kbarcode.net: The barcode solution for KDE
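The symptom from the original question (a ZIP fetched in ASCII mode arriving damaged) can be reproduced offline. This is an added example, not code from any of the posters; the sample archive is constructed, and `send_type_a` is a simplified, assumed model of a Unix server's LF-to-CRLF translation in ASCII mode.

```python
import hashlib
import io
import re
import zipfile


def make_sample_zip() -> bytes:
    """Build a small ZIP in memory (constructed sample, not from the thread)."""
    buf = io.BytesIO()
    # ZIP_STORED keeps the payload's line feeds visible in the archive bytes.
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("notes.txt", "first line\nsecond line\n" * 50)
    return buf.getvalue()


def send_type_a(data: bytes) -> bytes:
    """Simplified model (assumption) of a Unix server sending in ASCII
    mode (TYPE A): every bare LF goes on the wire as CRLF."""
    return re.sub(rb"(?<!\r)\n", b"\r\n", data)


def send_type_i(data: bytes) -> bytes:
    """Binary/image mode (TYPE I): bytes pass through untouched."""
    return data


def zip_is_intact(blob: bytes) -> bool:
    """True only if the archive opens and every member passes its CRC-32."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return zf.testzip() is None
    except Exception:  # BadZipFile, struct.error, ...
        return False


def bare_lf_count(blob: bytes) -> int:
    """Line feeds not preceded by CR. Zero of them in a sizeable binary
    file is a strong hint that it went through ASCII-mode translation."""
    return len(re.findall(rb"(?<!\r)\n", blob))


def sha256(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


if __name__ == "__main__":
    original = make_sample_zip()
    for name, send in (("TYPE I", send_type_i), ("TYPE A", send_type_a)):
        got = send(original)
        print(name, len(got), "bytes, intact:", zip_is_intact(got),
              "hash match:", sha256(got) == sha256(original),
              "bare LF:", bare_lf_count(got))
```

Comparing a published checksum against the downloaded file catches this kind of damage regardless of which side performed the translation.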
participants (5)
- Boris B. Zhmurov
- Markus Gaugusch
- Robert Schiele
- Stefan Onken
- Stefan.Junge@ssi-schaefer.de