37 messages in org.freebsd.freebsd-archRe: Importing lukemftpd| From | Sent On | Attachments |
|---|---|---|
| Mike Heffner | Jul 16, 2001 6:24 pm | |
| Dima Dorfman | Jul 16, 2001 10:33 pm | |
| Dan Moschuk | Jul 17, 2001 10:22 am | |
| Kris Kennaway | Jul 17, 2001 10:35 am | |
| Mike Heffner | Jul 17, 2001 4:01 pm | |
| Mike Heffner | Jul 17, 2001 4:29 pm | |
| Greg Lehey | Jul 18, 2001 12:53 am | |
| Alfred Perlstein | Jul 18, 2001 1:04 am | |
| Dan Moschuk | Jul 18, 2001 11:50 am | |
| Dan Moschuk | Jul 18, 2001 11:51 am | |
| Mike Heffner | Jul 18, 2001 8:50 pm | |
| Kris Kennaway | Jul 19, 2001 2:33 am | |
| David O'Brien | Jul 19, 2001 11:21 am |  .patch, .patch |
| Kris Kennaway | Jul 19, 2001 12:29 pm | |
| Kris Kennaway | Jul 19, 2001 12:30 pm | |
| Mike Heffner | Jul 19, 2001 2:46 pm | |
| Mike Heffner | Jul 19, 2001 3:34 pm | |
| David O'Brien | Jul 19, 2001 3:54 pm | |
| David O'Brien | Jul 19, 2001 3:57 pm | |
| Mike Smith | Jul 19, 2001 4:04 pm | |
| Kris Kennaway | Jul 19, 2001 4:37 pm | |
| David O'Brien | Jul 19, 2001 8:30 pm | |
| David O'Brien | Jul 19, 2001 8:36 pm | |
| David O'Brien | Jul 19, 2001 8:39 pm | |
| Kris Kennaway | Jul 19, 2001 9:03 pm | |
| Terry Lambert | Jul 20, 2001 9:34 am | |
| Dima Dorfman | Jul 20, 2001 10:14 am | |
| David O'Brien | Jul 20, 2001 11:22 am | |
| Mike Heffner | Jul 21, 2001 9:11 pm | |
| Assar Westerlund | Jul 22, 2001 2:07 pm | |
| Warner Losh | Jul 23, 2001 3:20 pm | |
| Assar Westerlund | Jul 24, 2001 1:16 pm | .diff |
| Mike Heffner | Jul 24, 2001 5:55 pm | |
| Assar Westerlund | Jul 24, 2001 6:07 pm | |
| Mike Heffner | Jul 24, 2001 8:41 pm | |
| David O'Brien | Jul 27, 2001 10:19 am | |
| Kris Kennaway | Jul 27, 2001 12:07 pm |
| Subject: | Re: Importing lukemftpd | |
|---|---|---|
| From: | Kris Kennaway (kr...@obsecurity.org) | |
| Date: | Jul 17, 2001 10:35:43 am | |
| List: | org.freebsd.freebsd-arch | |
On Mon, Jul 16, 2001 at 09:24:54PM -0400, Mike Heffner wrote:
Hi,
I would like to import Luke Mewburn's ftpd from NetBSD as the ftpd for FreeBSD. David had originally brought up the idea of importing it back in December, but it appears that he hasn't had the time, or other issues have come up. However, I would like to bring up the discussion again as I think it's a needed improvement--NetBSD's ftpd is better maintained and has better standards compliance.
This has been discussed extensively over on -audit in the past. Basically, I have concerns as security officer about replacing an ftpd which has a good security track record with one which contains large amounts of unaudited code, and has had several security problems. The FreeBSD ftpd is used on far too many installed systems out there to risk introducing new root vulnerabilities, no matter how good the lukemftpd code is or how small that risk.
There are also problems with missing features as you note. The last time this came up I offered the compromise solution of importing it into FreeBSD to work on feature parity and to give auditors a known base to work from, but it is not to become the default ftpd until I've signed off on it. We now have funding to perform in-depth auditing work on FreeBSD, so I think this would be achieved in a reasonable timeframe (probably by 5.0-RELEASE).
Kris