Date: Sat, 29 Jul 2000 01:15:20 -0400 (EDT) From: Matt Heckaman <matt@ARPA.MAIL.NET> To: Nate Williams <nate@yogotech.com> Cc: Bill Fumerola <billf@chimesnet.com>, FreeBSD-ISP <freebsd-isp@FreeBSD.ORG> Subject: Re: FTP Servers Message-ID: <Pine.BSF.4.21.0007290101480.34492-100000@epsilon.lucida.qc.ca> In-Reply-To: <200007290453.WAA25511@nomad.yogotech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 29 Jul 2000, Nate Williams wrote: ... : It didn't hit FreeBSD's stock ftpd. This was a fine example of the quality of work that goes into FreeBSD. Hell even OpenBSD was hit by this. Unfortunately, stock FreeBSD ftpd cannot do what I need, as easily as proftpd can. :) : I'm using it as well. But, others who I have great respect that have : reviewed their code are not impressed with it. I'm not really qualified to comment or rebut this, so I'll leave it alone, it's not my place. :) ... : I still stick with what I said. And, I still don't know of any : full-featured FTP server that is secure. Fair enough, I personally, view security in degrees. Nothing is 100% secure, so there's only degrees. In other words, how much risk are you willing to take by running an FTP server? I find the risk of running proftpd nominal compared to some alternatives. I've often wondered to myself, (and I am by NO means an expert), if the nature of FTP will ever allow it to be 100% secure. ... : The same thing could be said about wu-ftpd, which has logged more miles : than *any* other freeware ftp server. That it's worked for years : doesn't mean it is seucre. To my knowledge, though I do not have statistics, wuftpd has a long string of root level compromises in it's history though. The fact that *this* bug remained hidden, is well, disturbing. I'm more willing to give something like proftpd a break because it does not have a long history of known bugs. This by no means makes it "more" secure than wuftpd or the like, it just means I feel more comfortable running it, as opposed to something that has had a string of known bugs in the past. I almost wonder if that's the best we can hope for in the realistic world right now. Security is something to strive for, but something that can never be totally achieved. Note that all my opinions are just from my day to day dealings with these thoughts. I speak with no authority, and am not an expert in anything, take my words for what they are; opinion. :) : Nate * Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ * * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.2 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE5gmhqdMMtMcA1U5ARAtKfAJ0UyIeqF0wyFhbyKYLlzVw0R20HtgCfXbGs Dltde77ibC6wk7ltZrk5Ngs= =OArM -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007290101480.34492-100000>