[Gllug] ftp listing

Mark Lowes hamster at korenwolf.net
Tue Nov 12 14:41:30 UTC 2002


On Tue, 2002-11-12 at 14:22, Jason Clifford wrote:
> On 12 Nov 2002, Mark Lowes wrote:
> 
> > > Only because many execute /bin/ls or a copy of it. 
> > > Those that are built to be secure have the required set of functions built 
> > > in and do not call external binaries for such tasks.
> > 
> > I know, proftpd.org.
> 
> The only time I ever tried proftpd it was rooted in less than 2 hours.

Problems which have long since been fixed.

[...]
> It was the only service running on the server (fortunately a test box with 
> nothing important installed at that point). so nothing was really lost 
> except my faith in proftpd. We reported it to the maintainers but they 
> refused to believe that it was possible.

How long ago was this?  I'd be suprised if it's in the recent past.

> I am now using vsftpd. Not only is it blisteringly fast but I trust it's 
> author to have a responsible attitude towards security issues.

The current development / core team take security seriously as should be
apparent by the lack of bugtraq issues.

-- 
The Flying Hamster <hamster at korenwolf.net>     
http://www.korenwolf.net/
IRISH DIPLOMACY: The ability to tell a man to go to Hell in such a way
that he looks forward to the trip.

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list