On Thu Sep 25, 2003 at 10:50:21AM +0100, Eric Fernandez wrote: > apparently, a lot of security flaws have been discovered in proftpd, and > some people say there could be a lot other ones (like in wu-ftpd). > What about repacing proftpd by pureftpd in the next Mandrake release, as > the defaukt ftp server ? It is easy to install and has a reputation to > be very secure.
"a lot" is wrong.. one was found, and it only can be exploited if someone can put a certain type of file on the site so they can download it again (to exploit the whole). One hole. There have been some in the past, yes, but hey... we're still shipping openssh and sendmail, aren't we? =) I think proftpd is a good ftp server. pure-ftpd is good too, but if you want secure, let's use vsftpd only. Can't get anymore secure than that. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp00000.pgp
Description: PGP signature
