[Gllug] ftp listing
Jason Clifford
jason at ukpost.com
Tue Nov 12 14:22:09 UTC 2002
On 12 Nov 2002, Mark Lowes wrote:
> > Only because many execute /bin/ls or a copy of it.
> > Those that are built to be secure have the required set of functions built
> > in and do not call external binaries for such tasks.
>
> I know, proftpd.org.
The only time I ever tried proftpd it was rooted in less than 2 hours.
It was the only service running on the server (fortunately a test box with
nothing important installed at that point). so nothing was really lost
except my faith in proftpd. We reported it to the maintainers but they
refused to believe that it was possible.
Two weeks later some S. African crackers published an exploit which I
suspect was what had been used on the server.
I am now using vsftpd. Not only is it blisteringly fast but I trust it's
author to have a responsible attitude towards security issues.
Jason Clifford
--
UKFSN.ORG Finance Free Software while you surf the 'net
http://www.ukfsn.org/ Sign Up Now
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list