Re: Request for Audit: proftpd and wu-ftpd

To: Tymm Twillman <tymm@coe.missouri.edu>
Cc: Martin Schulze <joey@north.de>, Debian Development <debian-devel@lists.debian.org>
Subject: Re: Request for Audit: proftpd and wu-ftpd
From: Jason Gunthorpe <jgg@ualberta.ca>
Date: Thu, 7 Oct 1999 17:31:07 -0600 (MDT)
Message-id: <[🔎] Pine.LNX.3.96.991007172900.19491R-100000@localhost>
In-reply-to: <[🔎] Pine.SGI.4.05.9910070954350.251485-100000@tiger.coe.missouri.edu>

On Thu, 7 Oct 1999, Tymm Twillman wrote:

> I've been through the code a bit on both, but a full thorough audit of
> them is very difficult... Neither was apparently written by people very
> familiar with good security practices, and with the heaps of patches
> loaded on them over time, it has gotten to the point that they're
> very difficult to dig through.  

I've fiddled with wu-ftpd and I agree with Tymm. What shocks me is that it
is only a few thousand lines long, someone should just sit down and
rewrite a wu-ftpd-alike ftpd that is secure!

Does anyone have an anicdotal evidence about the scalablility of openbdsd
ftpd (the default ftpd)? Maybe we should just use it..

Jason

Reply to:

Follow-Ups:
- RE: Request for Audit: proftpd and wu-ftpd
  - From: "Terry Katz" <katz@advanced.org>

References:
- Re: Request for Audit: proftpd and wu-ftpd
  - From: Tymm Twillman <tymm@coe.missouri.edu>

Prev by Date: Re: lintian support in dinstall
Next by Date: Re: Uninstallable Packages
Previous by thread: Re: Request for Audit: proftpd and wu-ftpd
Next by thread: RE: Request for Audit: proftpd and wu-ftpd
Index(es):
- Date
- Thread