Subject: Re: Secure FTP on NetBSD/LINUX
To: None <netbsd-users@netbsd.org>
From: Hans-Joachim Picht <hjp@lnxce.net>
List: netbsd-users
Date: 06/08/2002 15:50:05
On Sat, Jun 08, 2002 at 09:30:50PM +0800, Todd Gruhn wrote:

>   I decided to scan my network (2 hosts) with SAINT.
> DEBIAN LINUX has wu-ftpd running, it will surrender
> root via the buffer overflow attack (or so SAINT says).
> I WANT THAT FIXED!

$ dpkg -r wu-ftpd && apt-get install vsftpd

> My 2 NetBSD hosts do not suffer such a problem. SO, the next
> logical Q is: what version of ftpd comes with a stock NetBSD
> system? LukemFTP? Thats what the manpage alludes to...
> Will it install on LINUX?  Any advice here?

$ head -8 cvs.netbsd.org/basesrc/libexec/ftpd

/*  $NetBSD: ftpd.c,v 1.139 2002/05/30 00:24:47 enami Exp $ */

/*
 * Copyright (c) 1997-2001 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Luke Mewburn.

There is debian packet for it - so it should also run on other linux
distros

$ apt-cache show lukemftpd

[...]

Description: The enhanced ftp daemon from NetBSD.
 `lukemftpd' is what many users affectionately call the enhanced ftp
 server in NetBSD (http://www.netbsd.org).  The `lukem' comes from
 the account name of the NetBSD developer who wrote most of the
 enhancements: Luke Mewburn <lukem@netbsd.org>.


With best regards

    Hans
-- 
Work: Consultant with Linux Consulting Europe <hjp@lnxce.net> 
      http://www.lnxce.net Vogelhecke 2 D - 35447 Reiskirchen 
      Tel: +491751629201  Fax: +49640862649	Germany 
Private: hans@picht.org