From owner-freebsd-security  Fri Jun 23  8:20: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10])
	by hub.freebsd.org (Postfix) with ESMTP id 3A5F437B556
	for <security@FreeBSD.ORG>; Fri, 23 Jun 2000 08:20:00 -0700 (PDT)
	(envelope-from fpscha@ns1.via-net-works.net.ar)
Received: (from fpscha@localhost)
	by ns1.via-net-works.net.ar (8.9.3/8.9.3) id MAA28360;
	Fri, 23 Jun 2000 12:19:10 -0300 (GMT)
From: Fernando Schapachnik <fpscha@ns1.via-net-works.net.ar>
Message-Id: <200006231519.MAA28360@ns1.via-net-works.net.ar>
Subject: Re: Passive FTP ports in ProFTPd
In-Reply-To: <20000623165656.D13039@fling.sanbi.ac.za> from Johann Visagie at "Jun 23, 0 04:56:56 pm"
To: johann@egenetics.com (Johann Visagie)
Date: Fri, 23 Jun 2000 12:19:10 -0300 (GMT)
Cc: fpscha@via-net-works.net.ar, security@FreeBSD.ORG
Reply-To: Fernando Schapachnik <fpscha@via-net-works.net.ar>
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

En un mensaje anterior, Johann Visagie escribió:
> Fernando Schapachnik on 2000-06-23 at 10:48:40 -0300:
> > 
> > 	I switched to ProFTPd due to the wu-ftpd exploit posted today. 
> 
> Despite the fact that ProFTPd is advertised as secure, it has had several
> security scares and is generally regarded (at least among the people I to
> talk to) as being a bad choice from a security perspective.
> 
> See for instance what Dan Bernstein has to say about it:
>   http://cr.yp.to/publicfile.html   (3/4 way down the page)

Not very encouraging... The ones he mentions as "secure" lack most 
features I need. Any suggestion? (I can't use stock FreeBSD ftpd 
right now because it will require a lot of programming -- I need to 
maintain configuration compatibility accross platforms).

Thanks!



Fernando P. Schapachnik
Administración de la red
VIA NET.WORKS ARGENTINA S.A.
fernando@via-net-works.net.ar
(54-11) 4323-3333


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message