Date:      Thu, 24 Oct 2002 12:17:09 -0400 (EDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        arch@FreeBSD.org
Subject:   Status of lukemftpd? (was: cvs commit: src/etc inetd.conf (fwd))
Message-ID:  <Pine.NEB.3.96L.1021024120517.40520C-100000@fledge.watson.org>


Following my missing a commit to the lukemftpd Makefile yesterday, I took
the opportunity to peruse its source code since it sounded like there was
some movement in the direction of using lukemftpd by default in future
versions of FreeBSD.  I was deeply concerned by the fact that I was
unable to find any of the standard user context and login management code
for FreeBSD in there, including no visible support for:

- Pluggable Authentication Modules (PAM) in any form, meaning that support
  for any non-hard-coded authentication mechanisms is broken --
  specifically, OPIE, hardware authentication tokens, smart card
  authentication, pam_ldap, etc.

- Any login.conf features, including resource limits, per-user nologin
  file, personalized motd and license information, MAC.  It seems to
  implement its own limit mechanism using a class set completely
  independent from login.conf, but doesn't support things like maximum
  file size, stack size, etc.  Among other things, this means that
  documented mechanisms for preventing user login are broken, and system
  protections are not properly enforced.  In the past, we've relied on
  those protections to reduce the impact of vulnerabilities -- for
  example, the use of resource limits to reduce the impact of the glob
  memory allocation vulnerabilities.

cboss:/cboss/freebsd/commit/src/contrib/lukemftpd/src> grep -i PAM *
cboss:/cboss/freebsd/commit/src/contrib/lukemftpd/src> grep -i usercontext *
cboss:/cboss/freebsd/commit/src/contrib/lukemftpd/src> grep -i logincontext *

Also, there seems to be some confusion regarding man pages: ftpd(8) is our
native ftpd man page, but ftpd.conf implies that lukemftpd is the default.

Given that lukemftpd is highly feature incomplete with regards to the
default ftpd, I'd like to propose at least the following:

(1) All references to lukemftpd as "the ftpd" be corrected to indicate
    lukemftpd is not the default.  Most of these are leaked references
    from lukemftpd man pages that were not updated in the import.

(2) Remove reference to lukemftpd in inetd.conf: it looks a little silly
    to have a warning there, and the only purpose of listing something in
    inetd.conf is if you plan to have it be the one users turn on.  If we
    don't remove it, the warning should stay, but the entry should be
    shifted down to the bottom of the file. 

(3) The lukemftpd man pages should be updated to have a clear feature
    completeness warning using much the same language from my commit
    message.

(4) The release notes indicating lukemftpd has been imported should be
    updated to indicate it is not the "default" and that it is feature
    incomplete. 

If there are plans to implement the missing features, then it may be
reasonable to keep it in the tree.  If there are no plans to fix these
problems, it may make sense to remove it from the tree, or at least
disconnect it from the build to prevent serious foot-shooting.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories

---------- Forwarded message ----------
Date: Thu, 24 Oct 2002 08:46:10 -0700 (PDT)
From: Robert Watson <rwatson@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/etc inetd.conf

rwatson     2002/10/24 08:46:10 PDT

  Modified files:
    etc                  inetd.conf 
  Log:
  # WARNING: lukemftpd does not support PAM, MAC, per-class nologin files,
  # or any login.conf resource limits or features; use it only if this is
  # appropriate for your environment.  If you require these features, use
  # the regular FreeBSD ftpd below.
  
  Discourage users from using lukemftpd if they rely on any of these standard
  FreeBSD features that are fully supported by our native ftpd.  There
  may be other features that are not yet supported that I have not yet
  discovered.
  
  Revision  Changes    Path
  1.59      +5 -0      src/etc/inetd.conf
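Added illustration, not code from the message, from lukemftpd or from FreeBSD: a small Python parser for the login.conf(5) format that resolves `tc=` inheritance and reports, for a login class, the nologin file and the resource limits the class defines. This is the information setusercontext(3)/login_getpwclass(3) would apply on login and that a daemon maintaining its own class table, as the message describes, never consults. The login.conf sample is constructed; the capability names (nologin, filesize, stacksize, -cur/-max suffixes, name@ to drop an inherited capability) are the real login.conf ones, but the fallback rule used here when only one of -cur/-max is given is a simplification and is marked as an assumption in the code.

```python
"""Parse a FreeBSD login.conf(5) database and report the user-context settings
a login class would apply.  Added example; the sample file below is constructed."""
import re
from typing import Dict, List, Optional, Tuple, Union

# Constructed sample in login.conf format: termcap-style records, '\' line
# continuation, ':'-separated capabilities, 'tc=' inheritance, 'name@' removal.
SAMPLE_LOGIN_CONF = r"""
# default class: what every account gets unless its class overrides it
default:\
    :welcome=/etc/motd:\
    :copyright=/etc/COPYRIGHT:\
    :nologin=/var/run/nologin:\
    :filesize=unlimited:\
    :stacksize=64M:\
    :maxproc=unlimited:\
    :openfiles=1024:\
    :umask=022:

# hypothetical class for ftp-only accounts
ftp|ftp-only accounts:\
    :filesize=100M:\
    :stacksize-cur=8M:\
    :maxproc=16:\
    :openfiles@:\
    :nologin=/var/run/nologin.ftp:\
    :tc=default:
"""

# (capability, value): str for name=value, True for a bare boolean, None for name@
Cap = Tuple[str, Union[str, bool, None]]

# Resource-limit capabilities setusercontext(3) knows about (login.conf(5)).
LIMIT_CAPS = ("cputime", "filesize", "datasize", "stacksize", "coredumpsize",
              "memoryuse", "memorylocked", "maxproc", "openfiles", "sbsize",
              "vmemoryuse", "swapuse")

def _records(text: str) -> List[str]:
    """Join '\\'-continued lines into whole records, dropping comments and blanks."""
    records, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        records.append(buf + line)
        buf = ""
    if buf:
        records.append(buf)
    return records

def parse_login_conf(text: str) -> Dict[str, List[Cap]]:
    """Return {class name or alias: [(cap, value), ...]} in file order.
    Like getcap(3), the first record for a given name wins."""
    classes: Dict[str, List[Cap]] = {}
    for record in _records(text):
        fields = record.split(":")
        names = [n.strip() for n in fields[0].split("|") if n.strip()]
        caps: List[Cap] = []
        for field in (f.strip() for f in fields[1:]):
            if not field:
                continue
            if field.endswith("@"):
                caps.append((field[:-1], None))
            elif "=" in field:
                name, value = field.split("=", 1)
                caps.append((name, value))
            else:
                caps.append((field, True))
        for name in names:
            classes.setdefault(name, caps)
    return classes

def resolve_class(classes: Dict[str, List[Cap]], name: str,
                  _seen: Optional[set] = None) -> Dict[str, Union[str, bool]]:
    """Flatten a class through its 'tc=' chain: the class's own capabilities take
    precedence, 'name@' blocks an inherited capability, loops raise."""
    _seen = _seen if _seen is not None else set()
    if name in _seen:
        raise ValueError(f"tc= loop at class {name!r}")
    _seen.add(name)
    own = classes[name]
    resolved: Dict[str, Union[str, bool]] = {}
    negated = set()
    for cap, value in own:
        if cap == "tc":
            continue
        if value is None:
            negated.add(cap)
        else:
            resolved.setdefault(cap, value)
    parent = next((v for c, v in own if c == "tc"), None)
    if isinstance(parent, str):
        for cap, value in resolve_class(classes, parent, _seen).items():
            if cap not in resolved and cap not in negated:
                resolved[cap] = value
    return resolved

_SIZE = re.compile(r"^(\d+)\s*([bkmgt]?)$", re.IGNORECASE)
_MULT = {"": 1, "b": 1, "k": 1 << 10, "m": 1 << 20, "g": 1 << 30, "t": 1 << 40}

def parse_limit(value: Union[str, bool, None]) -> Union[int, str, None]:
    """'unlimited' -> None; sizes with b/k/m/g/t suffix -> bytes (plain numbers
    unchanged); anything else (e.g. a cputime like '1h30m') is returned as-is."""
    if not isinstance(value, str) or value.lower() == "unlimited":
        return None
    m = _SIZE.match(value)
    return int(m.group(1)) * _MULT[m.group(2).lower()] if m else value

def effective_limits(classes: Dict[str, List[Cap]], name: str) -> Dict[str, Tuple]:
    """(soft, hard) limit per resource, honouring '-cur'/'-max' overrides.
    Assumption (simplified from setusercontext): a bare value sets both sides and
    a missing side falls back to the other; resources not mentioned are omitted."""
    caps = resolve_class(classes, name)
    limits: Dict[str, Tuple] = {}
    for res in LIMIT_CAPS:
        if not any(k in caps for k in (res, res + "-cur", res + "-max")):
            continue
        base = caps.get(res)
        cur = caps.get(res + "-cur", base)
        mx = caps.get(res + "-max", base)
        cur = cur if cur is not None else mx
        mx = mx if mx is not None else cur
        limits[res] = (parse_limit(cur), parse_limit(mx))
    return limits

def describe_class(classes: Dict[str, List[Cap]], name: str) -> List[str]:
    """Human-readable summary of what a login would get from this class."""
    caps = resolve_class(classes, name)
    out = [f"class {name}:"]
    for key in ("nologin", "welcome", "copyright", "umask"):
        if key in caps:
            out.append(f"  {key:13}{caps[key]}")
    for res, (cur, mx) in effective_limits(classes, name).items():
        fmt = lambda v: "unlimited" if v is None else v
        out.append(f"  {res:13}soft={fmt(cur)} hard={fmt(mx)}")
    return out

if __name__ == "__main__":
    db = parse_login_conf(SAMPLE_LOGIN_CONF)
    for cls in ("default", "ftp"):
        print("\n".join(describe_class(db, cls)))
```

Run against a real /etc/login.conf the same functions show, per class, exactly the nologin path and limits that a PAM/login.conf-aware daemon enforces at login; comparing that output with a service's own limit table is a quick way to see which documented protections the service is not applying.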

