Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 20 Dec 2000 15:40:52 -0700
From:      Warner Losh <imp@village.org>
To:        dg@root.com
Cc:        obrien@FreeBSD.org, Dan Moschuk <dan@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/libexec/ftpd ftpd.c 
Message-ID:  <200012202240.PAA12053@harmony.village.org>
In-Reply-To: Your message of "Wed, 20 Dec 2000 12:59:55 PST." <200012202059.MAA18036@implode.root.com> 
References:  <200012202059.MAA18036@implode.root.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
In message <200012202059.MAA18036@implode.root.com> David Greenman writes:
: >On Tue, Dec 19, 2000 at 07:34:54PM -0800, Dan Moschuk wrote:
: >>   Modified files:
: >>     libexec/ftpd         ftpd.c 
: >>   Log:
: >>   In send_data(), use sendfile() instead of the mmap() algorithm.
: >
: >Rather than spend so much time on libexec/ftpd, you should suggest
: >changes to NetBSD's ftpd.  There's is very full featured, and there is an
: >effort to abandon ours for theirs.
: 
:    Last I heard, NetBSD's version didn't have IPv6 support, which is an
: important part of ours, and of course they don't have sendfile().

I'd also feel much better if we do a security audit of the NetBSD
code.  We've been lucky two or three times now with our ftpd where we
didn't have bugs that NetBSD/OpenBSD's code had.  This was due to some
early paranoia by pst and guido, iirc.  Well, and to be honest, a good
run of luck.  There's been plent of other things in the tree that we
were alone in getting bitten by.

Such an audit would do both camps good since it would ensure that they
get back any enhancements based on it, of course.  I'm not saying this
to try to bad mouth the NetBSD ftpd either.  I'd say it about *ANY*
replacement of security related components.  We've had too many dumped
into current that turned into liabilities in -stable when the graet
version change happened.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012202240.PAA12053>