Re: chroot'ing ftpd

From: Doug Hughes (doug@Eng.Auburn.EDU)
Date: 12/17/01


Date: Mon, 17 Dec 2001 13:27:44 -0600 (CST)
From: Doug Hughes <doug@Eng.Auburn.EDU>
To: focus-sun@anastrophe.com

On Mon, 17 Dec 2001 focus-sun@anastrophe.com wrote:

> Michael Tucker writes:
> > Hence the market niche for products like wu-ftpd (don't use this! it's
> > riddled with security holes!) and proftpd (use this instead).
>
> proftpd is better than wuftpd, but it's had it's share of security holes
> too.
>
> Ncftpd has never had any. I've been using it continuously for at least four
> years (maybe five?) and it has performed flawlessly. it's not free, but in
> this case, you get what you pay for, by far.
>

logdaemon ftpd - (comes with wietse logdaemon package).
one hole back in 98 or so (the signals one - all ftpds were vulnerable).
nothing before or since. Free. small and verifiable. No extra cruft. It
just does simple ftpd stuff.