Date: Thu, 17 Sep 2020 12:14:49 -0300 From: =?utf-8?Q?Lucas_Nali_de_Magalh=C3=A3es?= <rollingbits@gmail.com> To: Cy Schubert <Cy.Schubert@cschubert.com> Cc: Ed Maste <emaste@freebsd.org>, FreeBSD Current <FreeBSD-current@freebsd.org> Subject: Re: Deprecating ftpd in the FreeBSD base system? Message-ID: <E561492F-6849-400D-BE3C-B967DC7D7644@gmail.com> In-Reply-To: <202009171404.08HE4fZj007939@slippy.cwsent.com> References: <202009171404.08HE4fZj007939@slippy.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi. > On Sep 17, 2020, at 11:05 AM, Cy Schubert <Cy.Schubert@cschubert.com> wrote: > ο»ΏIn message <CAPyFy2BHki84KuzP94AqTLk7v9FTAnLP-sa4HaFLq0kdxt0dEQ@mail.gmail.c > om> > , Ed Maste writes: >> FTP is (becoming?) a legacy protocol, and I think it may be time to >> remove the ftp server from the FreeBSD base system - with the recent >> security advisory for ftpd serving as a reminder. > > We should also deprecate the FTP client. > > I've been advocating removing FTP (and HTTP) from libfetch as well. People > should be using HTTPS only. (libfetch could support a plugin that might be > supplied by a port should someone be inclined to write one.) I usually evaluate the possibility to interact with legacy stuff as a feature and then this would make FreeBSD shine less. The associated security improvement could be done in many different ways and this one is one of the worsts. Maybe a warning during use or a flag to disable/enable it when desired or needed? And among all the security measures the project can take to improve FreeBSD security, this one is on the bottom of my list for sure. FTPD not even comes enabled by default. -- rollingbits β π§ rollingbits@gmail.com π§ rollingbits@terra.com.br π§ rollingbits@yahoo.com π§ rollingbits@globo.com π§ rollingbits@icloud.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E561492F-6849-400D-BE3C-B967DC7D7644>