Scott D Yelich <[EMAIL PROTECTED]> writes:
> On Tue, 3 Aug 1999, Russell Nelson wrote:
>> Dan's anonftpd chroots itself, and there's no way out. Crackers simply
>> cannot break authentication because there *is* no authentication.
>> Anybody can download only the files in the ftpd directory. Anything
>> else is less secure.
> Does any anon ftp these days *not* chroot?
> I use wuftpd-vr17 or so. What's insecure with that?
wuftpd-vr17 has the capability to do uploads, authenticated ftp, chmod,
site exec, and all sorts of other things. Even if you're very careful
about what options you compile it with, like I am, it still has a lot of
code for doing a wide variety of extra stuff. djb's code implements
*only* an anonymous ftp server; it has no code anywhere in it that's
capable of opening a file for writing. That means there's much less code
to have bugs, and means it would be much harder to exploit such a server.
Note that wuftpd also doesn't do a full chroot because it writes to a log
file outside its chroot jail. It also doesn't fully drop permissions, and
there are potential problems with its signal handlers still running with
elevated privs.
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
