On Thu Sep 25, 2003 at 08:44:30PM +0200, Han Boetes wrote: > > "a lot" is wrong.. one was found, and it only can be exploited if > > someone can put a certain type of file on the site so they can > > download it again (to exploit the whole). One hole. > > > > There have been some in the past, yes, but hey... we're still shipping > > openssh and sendmail, aren't we? =) > > > > I think proftpd is a good ftp server. pure-ftpd is good too, but if > > you want secure, let's use vsftpd only. Can't get anymore secure > > than that. > > Can't we dump wu-ftpd? I mean there are lots of more secure alternatives and > this daemon still has regular exploits.
wu-ftpd is only in contribs -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp00000.pgp
Description: PGP signature
