Re: Request for Audit: proftpd and wu-ftpd
On Thu, 7 Oct 1999, Tymm Twillman wrote:
> I've been through the code a bit on both, but a full thorough audit of
> them is very difficult... Neither was apparently written by people very
> familiar with good security practices, and with the heaps of patches
> loaded on them over time, it has gotten to the point that they're
> very difficult to dig through.
I've fiddled with wu-ftpd and I agree with Tymm. What shocks me is that it
is only a few thousand lines long, someone should just sit down and
rewrite a wu-ftpd-alike ftpd that is secure!
Does anyone have an anicdotal evidence about the scalablility of openbdsd
ftpd (the default ftpd)? Maybe we should just use it..