[Gllug] Secure FTP Server?

rich at annexia.org rich at annexia.org
Tue Dec 3 14:26:31 UTC 2002


On Tue, Dec 03, 2002 at 01:41:31PM +0000, Mark Lowes wrote:
> On Tue, 2002-12-03 at 11:15, rich at annexia.org wrote:
> > If you are uber-security-conscious, I'd suggest that you use the
> 
> Don't run an ftpd, that or break rfc compliance so you don't support
> ftp-data on port 20 so the daemon can be started with no root privs at
> all.

Indeed. The requirements of RFC 959 should be rejected here, because
they gain you nothing, but lose you quite a lot.

See: http://cr.yp.to/ftp/security.html

You can run Net::FTPServer either way, but it defaults to ignoring the
RFC requirement for security reasons. So you can (and Bibliotech do) run
it always as a non-root user.

Rich.

-- 
Richard Jones, Red Hat Inc. (London, UK) http://www.redhat.com/software/ccm
http://www.annexia.org/ Freshmeat projects: http://freshmeat.net/users/rwmj

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
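Added example, not part of the original message and not Net::FTPServer's own code: a Python illustration of the server side of an active-mode data connection, showing that the transfer completes from a kernel-chosen unprivileged source port, while the RFC 959 source port 20 is the only step that would need root. The function names and the loopback client are constructed for illustration.

```python
import socket
import threading

def parse_port_arg(arg):
    """Decode an FTP PORT argument "h1,h2,h3,h4,p1,p2" into (host, port)."""
    fields = [int(f) for f in arg.split(",")]
    if len(fields) != 6 or any(not 0 <= f <= 255 for f in fields):
        raise ValueError("malformed PORT argument: %r" % arg)
    return ".".join(str(f) for f in fields[:4]), fields[4] * 256 + fields[5]

def send_active(port_arg, payload, source_port=None):
    """Server side of an active-mode transfer; returns the local port used.

    source_port=20 is the RFC 959 behaviour and needs root (or
    CAP_NET_BIND_SERVICE on Linux) to bind. None lets the kernel choose an
    unprivileged ephemeral port, so the daemon never needs root.
    """
    host, port = parse_port_arg(port_arg)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as data:
        if source_port is not None:
            data.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            data.bind(("", source_port))
        data.connect((host, port))
        local_port = data.getsockname()[1]
        data.sendall(payload)
    return local_port

def demo_transfer(payload=b"constructed sample file contents\n"):
    """Constructed loopback client: listens as if it had sent PORT."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port_arg = "127,0,0,1,%d,%d" % divmod(listener.getsockname()[1], 256)
    seen = {}

    def client():
        conn, peer = listener.accept()
        with conn:
            seen["peer_port"] = peer[1]
            seen["data"] = b"".join(iter(lambda: conn.recv(4096), b""))

    worker = threading.Thread(target=client)
    worker.start()
    seen["server_port"] = send_active(port_arg, payload)
    worker.join()
    listener.close()
    return seen

if __name__ == "__main__":
    print(demo_transfer())
```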



