From owner-freebsd-stable@freebsd.org Sat Apr 3 22:16:51 2021 Return-Path: Delivered-To: freebsd-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 596E85C143B for ; Sat, 3 Apr 2021 22:16:51 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from plan-b.pwste.edu.pl (plan-b.pwste.edu.pl [IPv6:2001:678:618::40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "plan-b.pwste.edu.pl", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4FCWVV1vdtz3Hl0 for ; Sat, 3 Apr 2021 22:16:49 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from bsdondell.lab.pwste.edu.pl ([IPv6:2001:470:71:d47:a4bb:217e:aa98:2f14]) (authenticated bits=0) by plan-b.pwste.edu.pl (8.16.1/8.16.1) with ESMTPSA id 133MGeNd096962 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Sun, 4 Apr 2021 00:16:41 +0200 (CEST) (envelope-from zarychtam@plan-b.pwste.edu.pl) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=plan-b.pwste.edu.pl; s=plan-b-mailer; t=1617488201; bh=lKCxpOa601OOP0HjBY4ikLiwYsMxdojaIAJoBAkwhTs=; h=Subject:To:References:From:Date:In-Reply-To; b=gUnQX325+4zdy27eyrwy8YV4tGl03dhJEyAuIiXkIBePI1W8vtkkWu7KW9Ots0Bsq lAyxCqCVTh0v2IPVdgCnOT9x6YE2KaVVDW0y9t4MeQ2UBKIN9UWX1Th+xq68jbMJXj BXaQ+Yr91tQPGkBYlZ97ghyliBCXAyn97gvfhVUYtDSZKd2Md1ljqi+fGnAFdYlZEZ bu6KhrxtwBDZ3vV0o/3DXVJzrrd1sgMQ1MQdVamW1kUzP1lHJ0WiXGTALxm9rlRDe9 fUARmKQHnu9gweEG9CSZ6Cdlcng1ZiLcRwL4t0Or9S1LItKm2Zfm7PhBcZNGFfc0ir ozWUJeof20Z+g== X-Authentication-Warning: plan-b.pwste.edu.pl: Host [IPv6:2001:470:71:d47:a4bb:217e:aa98:2f14] claimed to be bsdondell.lab.pwste.edu.pl Subject: Re: Deprecating base system ftpd? To: freebsd-stable@freebsd.org References: From: Marek Zarychta Message-ID: <3d511b27-055c-3049-f61a-d0c77ec7edcb@plan-b.pwste.edu.pl> Date: Sun, 4 Apr 2021 00:16:38 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Language: en-US X-Rspamd-Queue-Id: 4FCWVV1vdtz3Hl0 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=plan-b.pwste.edu.pl header.s=plan-b-mailer header.b=gUnQX325; dmarc=pass (policy=none) header.from=plan-b.pwste.edu.pl; spf=none (mx1.freebsd.org: domain of zarychtam@plan-b.pwste.edu.pl has no SPF policy when checking 2001:678:618::40) smtp.mailfrom=zarychtam@plan-b.pwste.edu.pl X-Spamd-Result: default: False [-2.80 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_XAW(0.00)[]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[plan-b.pwste.edu.pl:+]; DMARC_POLICY_ALLOW(-0.50)[plan-b.pwste.edu.pl,none]; FROM_EQ_ENVFROM(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[2001:678:618::40:from]; ASN(0.00)[asn:206006, ipnet:2001:678:618::/48, country:PL]; MID_RHS_MATCH_FROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[plan-b.pwste.edu.pl:s=plan-b-mailer]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_MED(-2.00)[pwste.edu.pl:dkim]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[2001:678:618::40:from:127.0.2.255]; NEURAL_SPAM_SHORT(1.00)[1.000]; R_SPF_NA(0.00)[no SPF record]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-stable] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Apr 2021 22:16:51 -0000 W dniu 03.04.2021 o 23:30, Rick Macklem pisze: > Eugene Grosbein wrote: >> 04.04.2021 3:39, Ed Maste wrote: >> >>> I propose deprecating the ftpd currently included in the base system >>> before FreeBSD 14, and opened review D26447 >>> (https://reviews.freebsd.org/D26447) to add a notice to the man page. >>> I had originally planned to try to do this before 13.0, but it dropped >>> off my list. FTP is not nearly as relevant now as it once was, and it >>> had a security vulnerability that secteam had to address. >>> >>> I'm happy to make a port for it if anyone needs it. Comments? >> I'm strongly against remove of stock ftpd. FTP is fastest protocol for both testing >> and daily file transfer for trusted isolated segments, and even for WAN wrapped in IPSec. >> >> Our stock ftpd has very short backlog of security issues comparing with other FTP server implementations, >> mostly linked with libc or other libraries and not with ftpd code itself. >> >> Please don't fix what ain't broken. Please. > I'll +1 this. > > I find ftpd very handy on my local lan (for example, Windoze has an ftp client). > Since it isn't enabled by default, I don't see it as a security concern. > > rick +1 It's a really valuable daemon and without it in the base, FreeBSD won't be the same network operating system anymore. Both ftpd and tftpd from the base do their job well, both are handy and pretty straightforward co to configure, disabled by default and the mourning after the loss of any of them will last long. I know, it's not the same ftpd which served at ftp.cdrom.com back in time but from the ordinary user's point of view, it's considered as an inherent part of FreeBSD. With kind regards, -- Marek Zarychta