From owner-freebsd-security Tue Jun 12 21: 3:43 2001 Delivered-To: freebsd-security@freebsd.org Received: from diarmadhi.mushhaven.net (diarmadhi.mushhaven.net [209.16.107.11]) by hub.freebsd.org (Postfix) with ESMTP id C366D37B401 for ; Tue, 12 Jun 2001 21:03:37 -0700 (PDT) (envelope-from mistwolf@diarmadhi.mushhaven.net) Received: (from mistwolf@localhost) by diarmadhi.mushhaven.net (8.11.3/8.11.0) id f5D43k000415; Wed, 13 Jun 2001 00:03:46 -0400 (EDT) (envelope-from mistwolf) Date: Wed, 13 Jun 2001 00:03:46 -0400 From: Jamie Norwood To: Matt Dillon Cc: Nate Williams , Garrett Wollman , freebsd-security@FreeBSD.ORG Subject: Re: IPFW almost works now. Message-ID: <20010613000346.A398@mushhaven.net> References: <657B20E93E93D4118F9700D0B73CE3EA0166D97D@goofy.epylon.lan> <20010612152856.A72299@mushhaven.net> <3B267827.5090002@lmc.ericsson.se> <20010612162749.A73655@mushhaven.net> <200106122044.QAA93356@khavrinen.lcs.mit.edu> <15142.42704.228823.693752@nomad.yogotech.com> <200106122356.f5CNubp50204@earth.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200106122356.f5CNubp50204@earth.backplane.com>; from dillon@earth.backplane.com on Tue, Jun 12, 2001 at 04:56:37PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Jun 12, 2001 at 04:56:37PM -0700, Matt Dillon wrote: > > If you have to have a web server, and would only also have a ftp > server to 'optimize' transfers, I would submit that whatever > performance one perceives as having gained from running the ftp > server (which I think is Balderdash as well) is offset by the fact > that you are now running two pieces of server software that might > potentially create a security hazzard rather then one. > > Since I can't do without my web server, ftpd is the one I turn off. > > Historically, a plain old Apache with no fancy modules turned on > is just as secure... in fact, even more secure... then ftpd. Maybe > because web servers focus on read-only stuff whereas ftpd tries to > be general purpose read/write/exec/chmod/only-god-knows-what-else. So how, then, do you propose people upload files, a common use of ftp? Since your alternative is 'bare-bones' Apache, you have just cut out a function many of us rely on. Security through lack of usefulness is not an option, IMHO. Jamie > -Matt > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message