Re: Unknown file in login on proftpd 1.2.0pre10-2potato1
On Tue, Feb 20, 2001, Maarten Vink wrote:
> My guess is that it's a small bug in proftpd that dumps some internal
> data, and has no security implications. But since you can't be too
> sure, it would be interesting to see what other people have to say
> about this.
Last week, I noticed the same problem and immediately sent a bug report
(Bug#86011). It is a bug in proftpd (in the last security patch in fact,
that's why the bug only appeared last week after a security upgrade),
and developers are actually working on it.
As a temporary workaround, I stopped proftpd, deleted the /var file in
the anonymous chroot, created a new empty /var file, owned by root, ran
chmod 0 on it, and finally started proftpd again. Maybe not the best
solution, but at least I know there is no sensitive data in this file.