From: Shane Kerr <shane@time-travellers.org> To: letters@lwn.net Subject: oftpd Date: Sat, 2 Jun 2001 23:26:07 +0200 Cc: Chris Evans <chris@scary.beasts.org> Dear LWN Editors, I am the author of oftpd, a secure FTP server. I've mentioned it to the LWN staff a number of occasions, and never received any press. The reason I mentioned it is because FTP is a continual source of security problems, something often discussed on your Security page. I applaud your efforts to highlight software designed to address this issue, such as the recent release of vsftpd 0.9.1. I would appreciate it if you would mention oftpd as well when discussing secure FTP servers. Like vsftpd, oftpd is designed from the ground up with security in mind. Unlike vsftpd, it is an anonymous-only server, which allows it to be more secure, because no user data need be transmitted or accessed. Non-anonymous FTP is a security risk, despite certain FTP extensions that support encryption via SSL or other mechanisms. As used most commonly FTP is a fundamentally flawed protocol, in that it sends passwords in the clear. Because of this I suggest that no matter how secure you make your server software, FTP should be avoided for data transfer, especially since excellent alternatives such as SSH are available. The one area where FTP still has value is anonymous FTP. Since anonymous FTP does not send real user names or passwords, the fact that they are being transmitted across the Internet is not an issue. While for transferring a single file HTTP is actually more efficient, FTP is nice because it supports automated processing by allowing directory listing, persistent control connections, and so on. While FTP should die, there is still a place in the world for anonymous FTP. oftpd was designed to be a secure anonymous FTP server. To this end, it runs chroot() and setuid() all the time. All input is checked. No file is ever opened for write. The server catches signals in a safe manner. syslog() is used for all logging. All addresses and ports are checked for safety before use. And so on. While I applaud the effort to make a secure FTP server for non-anonymous access, since there are certain to be environments where that is useful (isolated networks, while increasingly rare, do exist), I do have enough of an ego to be annoyed that oftpd is ignored, while vsftpd has had several mentions, esp. since a number of items on the vsftpd TODO list have been completed for some time in oftpd (IPv6 support, syslog() support, message on initial connection, telnet strings), and some will never be a problem (signal race condition, wtmp support). Check it out, hopefully you'll like what you see: http://www.time-travellers.org/oftpd Yours, Shane Kerr p.s. I hope Chris Evans, author of vsftpd, won't be offended in any way! From the brief perusal I've done of the code, it looks like a pretty good solution given the constraints of a general-purpose, secure, inetd-based FTP server.