On Thu, 2002-01-17 at 11:25, Brian Cluff wrote:

> I was speaking from experience with wu-ftpd.  I would run out and get the
> latest version of wu whenever they even hinted that there was a problem with
> it and I still got cracked more than once with that stupid daemon.

I agree here, but it does make his point.  wu-ftpd is only cracked more
because it is more widely used.  And you can install wu-ftpd in such a
way that it doesn't always have root, as well as chroot'ing it, or using
various kernel security enhancements to protect it.

> 
> > I wonder if all those preaching switching the
> > standard/supported/maintained ftp daemon for one that will require some
> > effort in updating, linking libraries, security implications etc... why
> > they are still using bind, openssh and other daemons that likewise have
> > a storied history of security advisories?
> 
> I use mandrake and by default it installs proftpd.  Wu is still available
> for those that have to have it for some reason.  So I AM sticking with the
> standard install.  Of  course I have yet to have a mandrake box cracked at
> all, 

That you know of! ;)

-- 
Blake Barnett (bdb)  <blake.barnett@developonline.com>
Sr. Unix Administrator
DevelopOnline.com                 office: 480-377-6816

Learning is a skill, you get better at it with practice.