|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Announce of Libra FTP server
From: Chris Evans (chris
ferret.lmh.ox.ac.uk)Date: Wed Aug 16 2000 - 05:22:43 CDT
- Next message: Kurt Seifried: "Re: Announce of Libra FTP server"
- Previous message: Damien Miller: "Re: Announce of Libra FTP server"
- In reply to: Damien Miller: "Re: Announce of Libra FTP server"
- Next in thread: Kurt Seifried: "Re: Announce of Libra FTP server"
- Reply: Chris Evans: "Re: Announce of Libra FTP server"
- Reply: Kurt Seifried: "Re: Announce of Libra FTP server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 16 Aug 2000, Damien Miller wrote:
> On Wed, 16 Aug 2000, Chris Evans wrote:
>
> > Arrggghhh... I've just started writing a highly secure FTP server. Why do
> > they all appear at once?
>
> Why not just adapt the OpenBSD FTP server? it is around 5k lines and has
> been well auditied.
... and still suffers from the totally broken design used by wu-ftpd and
proftpd.
Note that the OpenBSD server recently suffered from a remote-root exploit
as an impact from all this format strings grief. With a better design,
that exploit would have merely yielded an unprivileged and heaviliy
chroot()'ed shell.
Cheers
Chris
- Next message: Kurt Seifried: "Re: Announce of Libra FTP server"
- Previous message: Damien Miller: "Re: Announce of Libra FTP server"
- In reply to: Damien Miller: "Re: Announce of Libra FTP server"
- Next in thread: Kurt Seifried: "Re: Announce of Libra FTP server"
- Reply: Chris Evans: "Re: Announce of Libra FTP server"
- Reply: Kurt Seifried: "Re: Announce of Libra FTP server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]