On Tue, 2002-09-17 at 21:57, Thomas C. Meggs wrote:
> Tanner! :)

Tom! ;)

> Tanner Lovelace wrote:
> | So nice of you to just trash something without any references
> | and then recommend a commercial product. You don't by any chance
> | own stock in NcFTP do you? (Okay, that was a cheap shot, but
> | I did wonder...)
>
> First off, I'm not affiliated with NcFTP. You shouldn't judge me by my
> intentions, I was just repeating some advice I heard.

Okay, I'll accept that. As I said, it was a cheap shot, and for what
it's worth I apologize for that. I think I must have been having a bad
day on Monday. :-(

> I ran ProFTPD for about a year with an application that required rather
> high security, and I got really sick and tired of having to patch it
> several times in succession. The third time was the charm. So forgive me
> if I still have a bitter sentiment. I admit that ProFTPD hasn't had any
> serious problems in a while. However, here are your references. :)
>
> http://www.cert.org/advisories/CA-1999-03.html
> http://www.cert.org/advisories/CA-1999-13.html
> http://www.cert.org/advisories/CA-2000-13.html

I'll be the first to admit that no software is immune from bugs. And,
you can never tell when a bug might be found. It seems that in this
case the bugs all hit in quick succession. I can see how that would
have turned you off, but I still don't think it makes proftpd a bad
program. WU-ftpd, afaik, has much worse problems that aren't so easily
fixed.

> A good security policy is always necessary. On top of my usual lock
> downs I am strongly against using plain text passwords. Of course, these
> recent OpenSSH/OpenSSL vulnerabilities have been a pain in the ass.

Definitely. For the record, the configuration of proftpd that we have
in place on the trilug machines does not make the user use their unix
account passwords. Instead, it allows them to access the mirrors by the
e-mail address they signed up with and their membership number. It
doesn't give access to home directories, but rather just gives
unmetered access to the mirrors (the same thing available for metered
anonymous access). I've heard some people suggest we should move that
over to the new ldap/kerberos single sign on, but I disagree. If we did
that, we could end up transmitting important passwords in the clear. As
it is now, if someone sniffs the "password" (membership number), all
they'll get is unmetered access to our mirrors (read-only, even).

If people want access to their home directories, they can use scp/sftp.

> You say that ProFTPD will not by itself allow your server to be
> compromised. How is ProFTPD presently changing the UID of its children?
> I notice that it is running as nobody. I assume it is requiring root
> privileges somewhere along the way.

I believe this is answered in question 2 of their FAQ
(http://proftpd.net/docs/faq/linked/faq-ch6.html). I quote:

    2. Surely running ProFTPD as non-root will help?

    Running ProFTPD as a non-root user gives only a marginal security
    improvement on the normal case and adds some functional problems.
    Such as not being able to bind to ports 20 or 21, unless it's
    spawned from inetd.

    ProFTPD takes a middle road in terms of security. It only uses root
    privileges where required and drops to the UID defined in the config
    file at all other times. Times when root is required include,
    binding to ports < 1024, setting resource limits, reading
    configuration information and some network code.

    For Linux 2.2.x kernel systems there is the POSIX style
    mod_linuxprivs module which allows very fine grain control over
    privileges. This is highly recommended for security-conscious
    admins.

Cheers,
Tanner
--
Tanner Lovelace | lovelace(at)wayfarer.org | http://wtl.wayfarer.org/
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
GPG Fingerprint = A66C 8660 924F 5F8C 71DA BDD0 CE09 4F8E DE76 39D4
GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
http://www.petitiononline.com/SSSCA/petition.html
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
Those who are willing to sacrifice essential liberties for a little
order, will lose both and deserve neither. -- Benjamin Franklin

History teaches that grave threats to liberty often come in times of
urgency, when constitutional rights seem too extravagant to endure.
-- Justice Thurgood Marshall, 1989
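Added example, not part of the original message and not ProFTPD's code: a minimal C sketch of the bind-then-drop pattern the quoted FAQ refers to, where root is used only to bind a port below 1024. Unlike the behaviour the FAQ describes, where root is used again when required, the drop here is permanent and is verified by checking that root cannot be regained. The function name `drop_privileges` and the uid/gid 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Permanently switch to uid/gid; returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; } /* not a drop */
    /* Clear supplementary groups first; only root is allowed to do this. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    /* Group before user: once setuid() succeeds, the gid can no longer change. */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the drop: regaining root must fail and every id must match. */
    if (setuid(0) == 0 || seteuid(0) == 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

int main(void)
{
    /* Constructed values: port 21 as in the FAQ, 65534 standing in for
       the uid/gid a server would read from its config file. */
    struct sockaddr_in addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = htons(21);
    /* Step 1 (needs root): bind the privileged port. */
    if (fd < 0 || bind(fd, (struct sockaddr *)&addr, sizeof addr) != 0) {
        perror("bind port 21");
        return 1;
    }
    /* Step 2: give up root before reading any client input. */
    if (drop_privileges(65534, 65534) != 0) {
        fprintf(stderr, "privilege drop failed\n");
        return 1;
    }
    printf("port 21 bound, now running as uid %d\n", (int)getuid());
    close(fd);
    return 0;
}
```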
