I use ProFTPD for all my ftp servers, from cryptoarchive (anon access,
really don't wanna get broken into =) to my machines at home (with really
complex and weird setups, like upload directories you can download from if
you are at a certain machine).
Anyways the rc2 is busted pretty bad, on the machine I need to upload to I
just went back to rc1 and used DenyFilter "%" which blocks the % which means
the DOS in rc1 can't be done, so happy days =).
BTW if you need people to login, and are worried about security then ftp is
not your best bet. There are SSH and SSL ftp's though you might consider, or
simply move to SSH and scp (which has its own issues right now, sigh).
Kurt Seifried, seifried@securityportal.com
SecurityPortal - your focal point for security on the 'net
----- Original Message -----
From: "RoMaN SoFt / LLFB!!"
To:
Sent: Tuesday, November 28, 2000 1:50 AM
Subject: [suse-security] A simple and secure FTPd
Hi.
I'm using ProFtpd 1.2.0rc2 which is a ftpd with nice features.
Nevertheless I only need simple ftp functionality: simple ftp access
to some users account (not anonymous ftp). And I'm wondering which
ftpd could be the securest one for this task. I suppose the more
complex a program, the more insecure it is. So I guess Proftpd is more
susceptible to being found vulnerable to some new (potential) vulns.
Is the following ftpd secure:
220 xxxx FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.16) ready ???
What are your choices, apart from the said daemons?
Another problem with Proftpd is some nasty bug related to "No port
command" (it's known by proftpd developers).. although this is not
security related.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
** RoMaN SoFt / LLFB **
roman@madrid.com
http://pagina.de/romansoft
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~