[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Request for Audit: proftpd and wu-ftpd

On Thu, 7 Oct 1999, Tymm Twillman wrote:

> I've been through the code a bit on both, but a full thorough audit of
> them is very difficult... Neither was apparently written by people very
> familiar with good security practices, and with the heaps of patches
> loaded on them over time, it has gotten to the point that they're
> very difficult to dig through.  

I've fiddled with wu-ftpd and I agree with Tymm. What shocks me is that it
is only a few thousand lines long, someone should just sit down and
rewrite a wu-ftpd-alike ftpd that is secure!

Does anyone have an anicdotal evidence about the scalablility of openbdsd
ftpd (the default ftpd)? Maybe we should just use it..

Reply to: