Tanner! :)

Tanner Lovelace wrote:
| So nice of you to just trash something without any references
| and then recommend a commercial product. You don't by any chance
| own stock in NcFTP do you? (Okay, that was a cheap shot, but
| I did wonder...)

First off, I'm not affiliated with NcFTP. You shouldn't judge me by my intentions, I was just repeating some advice I heard.

| For the record, proftpd does *not* have a "history riddled with
| security problems." If you want to know about proftp's security,
| feel free to search google and look here:
| http://www.proftpd.org/security.html

I ran ProFTPD for about a year with an application that required rather high security, and I got really sick and tired of having to patch it several times in succession. The third time was the charm. So forgive me if I still have a bitter sentiment. I admit that ProFTPD hasn't had any serious problems in a while. However, here are your references. :)

http://www.cert.org/advisories/CA-1999-03.html
http://www.cert.org/advisories/CA-1999-13.html
http://www.cert.org/advisories/CA-2000-13.html

| run it on my servers for years). (As always, you should have a
| comprehensive security policy in place to address things like
| cleartext passwords.) Running proftp will not, by itself allow
| your box to be "root'd".

A good security policy is always necessary. On top of my usual lock downs I am strongly against using plain text passwords. Of course, these recent OpenSSH/OpenSSL vulnerabilities have been a pain in the ass.

You say that ProFTPD will not by itself allow your server to be compromised. How is ProFTPD presently changing the UID of its children? I notice that it is running as nobody. I assume it is requiring root privileges somewhere along the way.

Regards,
Tom

-- 
$Id: .sig,v 1.17 2002/08/21 13:12:32 tom Exp $
pub 1024D/87F1C20F 2001-11-15 Thomas C. Meggs <[EMAIL PROTECTED]>
Key fingerprint = 5E9A D535 B9DA A889 984B 9654 2025 409B 87F1 C20F

"It was funny with coffee. Sometimes it did nothing for him, and actually made him weak. But sometimes it really made him feel like God."
- from "Miguel", short story by Dan Bern

_______________________________________________
TriLUG mailing list
http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ:
http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
