On Tue, Feb 20, 2001, Maarten Vink wrote:
> My guess is that it's a small bug in proftpd that dumps some internal
> data, and has no security implications. But since you can't be too
> sure, it would be interesting to see what other people have to say
> about this.

Last week, I noticed the same problem and immediately sent a bug report (Bug#86011). It is a bug in proftpd (in the last security patch in fact, that's why the bug only appeared last week after a security upgrade), and developers are actually working on it.

As a temporary workaround, I stopped proftpd, deleted the /var file in the anonymous chroot, created a new empty /var file, owned by root, ran chmod 0 on it, and finally started proftpd again. Maybe not the best solution, but at least I know there is no sensitive data in this file.

--
MaXX

