[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FTPD Security



Hi

After all the ftp security scare.

I just want to get some views about the "best" ftpd.
I already installed the Update to wu.
Here are my views:

wu,bero,family. 
Good: It does pretty good job, easy guest accounts and wu is the default daemon
for Red Hat and I guess a few others.

Bad: It based on ancient code.
It contains a lot of useless code and probably a
few more security holes.

Proftpd:
Good: From first glance it's a rewrite of wu with better security and
an Apache config.

Bad: It's Big. 
Not as secure as it claims, it suffered from the same security hole as wu.
NO PAM support!

anonftpd ( from the author of qmail)
Good: secure, very very small (>28K).
 
Bad: It's so secure that you don't have uploaded and only anonymous logins are 
supported, it has it's own style of directory list, not compatible with
any thing.

Troll 
Good: It has a different idea about security, it use the Linux only low level
setfsuid instead of setuid,seteuid,setruid written with speed in mind ( it has
a DB for
users,groups instead of looking in the passwd line by line).

Bad: Written as a hack, to test it I had to change a few thing to get egcs to
stop complaining and one error fix due to glibc compatibility, I guess.
PAM support in a patch that needs fixes every new version.
Linux only. 
 

 


 

 
----------------------------------
E-Mail: gal@eliashim.co.il
Date: 16-Feb-99
Time: 14:56:45

This message was sent by XFMail
----------------------------------