Hi folks,
after all the buffer overflows found in proftpd and SuSE's unambiguous
statement yesterday night, I wonder which ftp daemon to use if you have
to run ftpd services on a production machine.
SuSE recommended D. J. Bernstein's anonftpd for anonymous ftp access.
But what to do if user logins are required?
Which daemon would you recommend if
- security (hey, we're on suse-security ;-)
- easy configuration
- chroot'ing
- administration by a non-root user
is required?
What do you think about wuftpd? in.ftpd? If I remember right, there were
postings on this list reporting wuftpd weaknesses a few months ago.
Thanks a lot,
Matthias
--
w e b f a c t o r y
Matthias Pigulla
Matthias Pigulla wrote:
Hi folks,
after all the buffer overflows found in proftpd and SuSE's unambiguous statement yesterday night, I wonder which ftp daemon to use if you have to run ftpd services on a production machine.
SuSE recommended D. J. Bernstein's anonftpd for anonymous ftp access. But what to do if user logins are required?
Which daemon would you recommend if
- security (hey, we're on suse-security ;-)
- easy configuration
- chroot'ing
- administration by a non-root user
is required?
What do you think about wuftpd? in.ftpd? If I remember right, there were postings on this list reporting wuftpd weaknesses a few months ago.
not that i am a security specialist, but i'd recommend the ssh-suite for _every_ connection to your server (well ... nearly every ;-) ... using ssh you could do scp, even from one host you are not connected to to another host you are not connected to either (yup, really works) to copy files, every thing neat and secure, or even tunnel insecure connections like ftp or pop ... windows clients are available
just my 2 cents
hth
Hannes
--
Johann Georg Hautzinger, email: trema@eic.at, Tel.: 531 00 1907
Erste Bank AG - OE 0423 - Orga./Entw. Treasury u. Orga.Wertpapier
Boersegasse 14, 1010 Wien
http://treasury.erstebank.at
"Johann G. Hautzinger" wrote:
not that i am a security specialist, but i'd recommend the ssh-suite for _every_ connection to your server (well ... nearly every ;-) ... using ssh you could do scp, even from one host you are not connected to to another host you are not connected to either (yup, really works) to copy files, every thing neat and secure, or even tunnel insecure connections like ftp or pop ...
Well, I already use SSH for all connections over "insecure" networks.
The problem is that I have to provide FTP on a production machine, for
there are external scripts pushing data onto the machine.
I have no way of changing this - these scripts are run by different
companies and part of their systems. I cannot force them to use ssh, so
I can only try to secure our FTP services.
Matthias
--
w e b f a c t o r y
Matthias Pigulla
Matthias Pigulla wrote:
files, every thing neat and secure, or even tunnel insecure connections like ftp or pop ...
Well, I already use SSH for all connections over "insecure" networks. The problem is that I have to provide FTP on a production machine, for there are external scripts pushing data onto the machine.
I have no way of changing this - these scripts are run by different companies and part of their systems. I cannot force them to use ssh, so I can only try to secure our FTP services.
well ... write a script opening an ssh connection from somemachine:someport to ftphost:21 and then using this "tunnel" in a way like
ftp somemachine someport
- it works - believe me ;-)
hth
Hannes
--
Johann Georg Hautzinger, email: trema@eic.at, Tel.: 531 00 1907
Erste Bank AG - OE 0423 - Orga./Entw. Treasury u. Orga.Wertpapier
Boersegasse 14, 1010 Wien
http://treasury.erstebank.at
Hi,
usually I hate announcements that are made before time. But as we expect to release the stuff this week (and the development has been finished), I would like to attract your attention to an FTP-Proxy that some developers here at SuSE have implemented. This Proxy has been specifically designed for securing any FTP server on your net against malicious clients or other FTP based attacks.
Of course the SCP approach is to be preferred, but sometimes you can't go without FTP -- and if it only were because your mainframe has no SSH :-) And SSH tunneling to port 21 secures your CONTROL connection, but not your DATA connection. Unless you have invented "Inline-FTP". Hmmm.
The highlights of the OpenSource (GPL) project are:
+ FTP-Proxy relays FTP connections, and provides a host of security and
+ auditing features. It can switch active/passive connections, provides
+ auditing (via syslog or rotating log files; both for user actions and
+ for technical issues) and command restrictions. Command restrictions,
+ together with a full range of other configuration options like port
+ ranges or argument checks (with regular expressions) can be dynamically
+ adjusted for every user by utilizing the LDAP protocol. FTP-Proxy is
+ believed to be immune against buffer overflow or "sprintf"-like attacks.
+ And it is fully RFC 959, 1123, 1579 and 2428 compliant.
The "SuSE Proxy-Suite" project will be announced publicly during the next few days. Maybe it will help you. Using FTP-Proxy you can hide any server you like (and are able to administer most easily) from the clients.
Volker
On Fri, 17 Sep 1999, Matthias Pigulla wrote:
"Johann G. Hautzinger" wrote:
not that i am a security specialist, but i'd recommend the ssh-suite for _every_ connection to your server (well ... nearly every ;-) ... using ssh you could do scp, even from one host you are not connected to to another host you are not connected to either (yup, really works) to copy files, every thing neat and secure, or even tunnel insecure connections like ftp or pop ...
Well, I already use SSH for all connections over "insecure" networks. The problem is that I have to provide FTP on a production machine, for there are external scripts pushing data onto the machine.
I have no way of changing this - these scripts are run by different companies and part of their systems. I cannot force them to use ssh, so I can only try to secure our FTP services.
Matthias
--
Volker Wiegand            Phone: +49 (0) 6196 / 50951-24
SuSE Rhein/Main AG        Fax: +49 (0) 6196 / 40 96 07
Mergenthalerallee 45-47   Mobile: +49 (0) 179 / 292 66 76
D-65760 Eschborn          E-Mail: Volker.Wiegand@suse.de
++ Only users lose drugs. Or was it the other way round? ++
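The control/data split mentioned in the message above, as an added example that is not part of the original thread: the data endpoint is negotiated inside the control channel (PASV per RFC 959, EPSV per RFC 2428), so a single forward to port 21 never carries it. The replies, the address 192.0.2.10 and the function names are constructed for illustration; `ftphost` is the placeholder host used earlier in the thread.

```python
import re

# PASV reply (RFC 959): six decimal bytes h1,h2,h3,h4,p1,p2.
PASV = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")
# EPSV reply (RFC 2428): (<d><d><d>port<d>), normally (|||port|).
EPSV = re.compile(r"\((.)\1\1(\d{1,5})\1\)")

# Assumption: one static forward to the control port, as suggested in the thread.
FORWARDED = {("ftphost", 21), ("192.0.2.10", 21)}

# Constructed server replies from one session (not a real capture).
SESSION = [
    "220 FTP server ready",
    "230 User logged in",
    "227 Entering Passive Mode (192,0,2,10,195,149)",
    "229 Entering Extended Passive Mode (|||50070|)",
]

def data_endpoint(reply, control_host):
    """Return the (host, port) a passive-mode reply tells the client to dial, or None."""
    if reply.startswith("227"):
        m = PASV.search(reply[3:])
        if not m:
            return None
        n = [int(g) for g in m.groups()]
        if max(n) > 255:
            return None
        return ".".join(map(str, n[:4])), n[4] * 256 + n[5]
    if reply.startswith("229"):
        m = EPSV.search(reply)
        if not m:
            return None
        port = int(m.group(2))
        # EPSV carries no address: the client reuses the control host.
        return (control_host, port) if 0 < port < 65536 else None
    return None

def outside_tunnel(session, control_host, forwarded):
    """List data endpoints negotiated in the session that no forward covers."""
    found = (data_endpoint(r, control_host) for r in session)
    return [ep for ep in found if ep is not None and ep not in forwarded]

if __name__ == "__main__":
    for host, port in outside_tunnel(SESSION, "ftphost", FORWARDED):
        print(f"data connection to {host}:{port} is not carried by the port-21 forward")
```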
Hi list,
Volker Wiegand wrote:
The "SuSE Proxy-Suite" project will be announced publicly during the next few days. Maybe it will help you. Using FTP-Proxy you can hide any server you like (and are able to administer most easily) from the clients.
If I see things right, this proxy could be used on a gateway host in a
firewall scenario like the one described in Garfinkel & Spafford Chapter
21? (I.e. all connections to a LAN have to cross the gate and can be
buffered by proxy servers on that machine.)
Cool ;-)
Matthias
--
w e b f a c t o r y
Matthias Pigulla
On Wed, 22 Sep 1999, Matthias Pigulla wrote:
If I see things right, this proxy could be used on a gateway host in a firewall scenario like the one described in Garfinkel & Spafford Chapter 21? (I.e. all connections to a LAN have to cross the gate and can be buffered by proxy servers on that machine.)
Yes, this is the idea behind it. The FTP code is free of buffer overflows or any of the exploits currently being discussed. You can tell it which commands are legal for every user, including a RegEx for the arguments. Thus it is easy to say:
    RETR=^[/a-zA-Z0-9_]{1,512}$
or
    QUIT=^$
and your arguments will be scanned before they ever enter any sprintf or the like. And you can use active or passive FTP towards the internet, while always using passive to your internal host.
Cool ;-)
Status: code reviews finished, docs finished. Homepage design nearly finished. Announcement end of this or rather beginning of next week.
Matthias
Volker
--
Volker Wiegand            Phone: +49 (0) 6196 / 50951-24
SuSE Rhein/Main AG        Fax: +49 (0) 6196 / 40 96 07
Mergenthalerallee 45-47   Mobile: +49 (0) 179 / 292 66 76
D-65760 Eschborn          E-Mail: Volker.Wiegand@suse.de
++ Only users lose drugs. Or was it the other way round? ++
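Per-command argument checking of the kind described in the message above, as an added example; it is not FTP-Proxy's code. The two patterns are the ones quoted in the message; the line-length cap, the function name and the sample inputs are assumptions.

```python
import re

# The two rules quoted in the thread. Any command without a rule is refused.
POLICY = {
    "RETR": r"^[/a-zA-Z0-9_]{1,512}$",
    "QUIT": r"^$",
}
COMPILED = {verb: re.compile(rx) for verb, rx in POLICY.items()}
MAX_LINE = 1024  # assumed cap on one control-channel line, CRLF included

def check_command(raw: bytes):
    """Validate one control-channel line before it reaches any formatting code.

    Returns (allowed, reason)."""
    if len(raw) > MAX_LINE:
        return False, "line too long"
    if not raw.endswith(b"\r\n"):
        return False, "missing CRLF"
    body = raw[:-2]
    # A second command smuggled into the same read must not slip past the regex.
    if any(c in body for c in (b"\r", b"\n", b"\x00")):
        return False, "embedded control character"
    try:
        text = body.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII byte"
    verb, _, arg = text.partition(" ")
    rule = COMPILED.get(verb.upper())
    if rule is None:
        return False, "command not permitted"
    # fullmatch: '$' alone would also accept a trailing newline in Python.
    if not rule.fullmatch(arg):
        return False, "argument rejected"
    return True, "ok"

if __name__ == "__main__":
    samples = [  # constructed inputs
        b"RETR /pub/README\r\n",
        b"RETR /pub/file.txt\r\n",         # '.' is not in the quoted character class
        b"RETR " + b"A" * 600 + b"\r\n",   # longer than the {1,512} bound
        b"QUIT now\r\n",
        b"DELE /pub/README\r\n",
        b"RETR /a\r\nDELE /b\r\n",
    ]
    for s in samples:
        print(s[:40], check_command(s))
```

Note that the quoted RETR pattern contains no dot, so it rejects `../` sequences and also any file name with an extension.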
Hi list,
I have to admit to being rather confused about this thread. Is it unsafe for my users to just use wu-ftp, except for the obvious disadvantage of the password being sent plain text?
--
Thanks,
James
On Sun, 26 Sep 1999, James Myles wrote:
Hi list,
I have to admit to being rather confused about this thread. Is it unsafe for my users to just use wu-ftp, except for the obvious disadvantage of the password being sent plain text? -- Thanks,
Well, it's as safe or unsafe as it has been for a while. What you see going on right now is a witch-hunt. If your servers are located in an intranet and your users have not mounted malicious attacks frequently in the past then this discussion is IMHO not for you.
If, on the other hand, your servers are publicly accessible, you might want to follow up because some exploits have been published with code samples. You never know who will try it just for the fun of it.
As the maintainer of ProFTPd, McGuyver, is proactively closing the holes and ProFTPd has been the primary target, interest is likely to decrease in the near future. And WU-FTP maintainers will certainly not stand behind. Probably ProFTPd 1.2.0pre7, which has only just been released, is the most security aware server out there at the time of this writing.
James
Volker
--
Volker Wiegand            Phone: +49 (0) 6196 / 50951-24
SuSE Rhein/Main AG        Fax: +49 (0) 6196 / 40 96 07
Mergenthalerallee 45-47   Mobile: +49 (0) 179 / 292 66 76
D-65760 Eschborn          E-Mail: Volker.Wiegand@suse.de
++ Only users lose drugs. Or was it the other way round? ++
On Fri, 17 Sep 1999, Matthias Pigulla wrote:
Which daemon would you recommend if
- security (hey, we're on suse-security ;-)
- easy configuration
- chroot'ing
- administration by a non-root user
is required?
I'm not sure, but what about wu-ftpd ?
Peter
--
*******************************************
URL: http://gmv.spm.univ-rennes1.fr/~peter/
*******************************************
participants (5)
- James Myles
- Johann G. Hautzinger
- Matthias Pigulla
- Peter Münster
- Volker Wiegand