From owner-freebsd-current  Sun Jun 25 12:30:44 2000
Delivered-To: freebsd-current@freebsd.org
Received: from mail.rdc1.az.home.com (ha1.rdc1.az.home.com [24.1.240.66])
	by hub.freebsd.org (Postfix) with ESMTP id C6D1C37B772
	for <current@freebsd.org>; Sun, 25 Jun 2000 12:30:37 -0700 (PDT)
	(envelope-from matt@daffy.mics.net)
Received: from daffy.mics.net ([24.15.53.199]) by mail.rdc1.az.home.com
          (InterMail vM.4.01.02.00 201-229-116) with ESMTP
          id <20000625193035.KOOY12685.mail.rdc1.az.home.com@daffy.mics.net>
          for <current@freebsd.org>; Sun, 25 Jun 2000 12:30:35 -0700
Received: by daffy.mics.net (Postfix, from userid 1001)
	id B13E4206A0; Sun, 25 Jun 2000 12:30:35 -0700 (MST)
Date: Fri, 23 Jun 2000 16:29:55 -0700
From: Matt Miller <matt.miller@thelinuxstore.com>
To: Keith Stevenson <k.stevenson@louisville.edu>
Cc: Mike Tancsa <mike@sentex.ca>,
	Garrett Wollman <wollman@khavrinen.lcs.mit.edu>,
	freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: WuFTPD: Providing *remote* root since at least1994
Message-ID: <20000623162955.A72949@daffy.mics.net>
References: <Pine.BSF.4.21.0006222230390.65791-100000@achilles.silby.com> <4.2.2.20000622201823.0479a690@mail.sentex.net> <Pine.BSF.4.21.0006222230390.65791-100000@achilles.silby.com> <200006231713.NAA49665@khavrinen.lcs.mit.edu> <3.0.5.32.20000623154848.02d2d6c0@marble.sentex.ca> <20000623163411.A1412@osaka.louisville.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <20000623163411.A1412@osaka.louisville.edu>; from k.stevenson@louisville.edu on Fri, Jun 23, 2000 at 04:34:11PM -0400
X-My-Mood: Refreshed.
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, Jun 23, 2000 at 04:34:11PM -0400, Keith Stevenson wrote:
> On Fri, Jun 23, 2000 at 03:48:48PM -0400, Mike Tancsa wrote:
> > What about 
> > 
> > --enable-paranoid 
> > 
> > as part of the config ? As so much seems to be related to the site exec
> > command, perhaps its best to just disable this ?
> 
> While I'm all for actually fixing the problems in the code, I've found that
> the --enable-paranoid options to be a good one.  I've been tinkering around
> with the exploit and the paranoid option seems to defend against it.  I don't
> think that any of my users will miss the SITE EXEC commands.
> 

If one were interested in improving the ftpd which ships with the base system,
which features would make it a viable replacement those currently running
wu-ftpd?

Perhaps one-
Matt



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message