RE: Request for Audit: proftpd and wu-ftpd
A little off the topic here ... but speaking of proftpd, are there any plans
(or is anything thinking) to modify the module stuff and add the ability for
'apache' style loadable modules ? (not that there are as many modules for
proftpd as there are for apache, but I've been working on a set for company
use and its a pain to keep recompiling proftpd every time I update a
I've been kicking around the idea for a bit, and am considering doing it in
my (little) free time .. (if not for 'upstream' versions, at least to aid
development within my office)
Just checking 'cause I wouldn't wanna waste time if its already in the works
> On Thu, 7 Oct 1999, Tymm Twillman wrote:
> > I've been through the code a bit on both, but a full thorough audit of
> > them is very difficult... Neither was apparently written by people very
> > familiar with good security practices, and with the heaps of patches
> > loaded on them over time, it has gotten to the point that they're
> > very difficult to dig through.
> I've fiddled with wu-ftpd and I agree with Tymm. What shocks me is that it
> is only a few thousand lines long, someone should just sit down and
> rewrite a wu-ftpd-alike ftpd that is secure!
> Does anyone have an anicdotal evidence about the scalablility of openbdsd
> ftpd (the default ftpd)? Maybe we should just use it..
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact