[Gllug] Secure FTP Server?
rich at annexia.org
Tue Dec 3 14:26:31 UTC 2002
On Tue, Dec 03, 2002 at 01:41:31PM +0000, Mark Lowes wrote:
> On Tue, 2002-12-03 at 11:15, rich at annexia.org wrote:
> > If you are uber-security-conscious, I'd suggest that you use the
>
> Don't run an ftpd, that or break rfc compliance so you don't support
> ftp-data on port 20 so the daemon can be started with no root privs at
> all.
Indeed. The requirements of RFC 959 should be rejected here, because
they gain you nothing, but lose you quite a lot.
See: http://cr.yp.to/ftp/security.html
You can run Net::FTPServer either way, but it defaults to ignoring the
RFC requirement for security reasons. So you can (and Bibliotech do) run
it always as a non-root user.
Rich.
--
Richard Jones, Red Hat Inc. (London, UK) http://www.redhat.com/software/ccm
http://www.annexia.org/ Freshmeat projects: http://freshmeat.net/users/rwmj
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
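The trade-off discussed in the message above, as an added Python sketch (not part of the original post and not Net::FTPServer code): an active-mode data connection made from an ephemeral source port needs no privilege, while the RFC 959 source port 20 normally needs root at bind time. The function names and the loopback client in `demo()` are constructed for illustration.

```python
import socket

FTP_DATA_PORT = 20  # RFC 959 default source port for active-mode data


def parse_port_argument(arg):
    """Decode the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(f.isdigit() for f in fields):
        raise ValueError("malformed PORT argument")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def open_active_data_connection(port_arg, rfc_source_port=False, timeout=5.0):
    """Connect to the address the client announced with PORT.

    rfc_source_port=True binds the local end to port 20 first; ports below
    1024 normally need root (or CAP_NET_BIND_SERVICE on Linux), so the daemon
    must keep that privilege. The default lets the kernel pick an ephemeral
    source port, so the process can run with no root privileges at all.
    """
    host, port = parse_port_argument(port_arg)
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.settimeout(timeout)
        if rfc_source_port:
            sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            sock.bind(("", FTP_DATA_PORT))  # the privileged step
        sock.connect((host, port))
    except OSError:
        sock.close()
        raise
    return sock


def demo():
    """Constructed loopback client; returns the source port the server used."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    p = listener.getsockname()[1]
    data = open_active_data_connection("127,0,0,1,%d,%d" % (p // 256, p % 256))
    peer, _ = listener.accept()
    src_port = peer.getpeername()[1]
    for s in (data, peer, listener):
        s.close()
    return src_port
```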