![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
From: Shane Kerr <shane@time-travellers.org>
To: letters@lwn.net
Subject: oftpd
Date: Sat, 2 Jun 2001 23:26:07 +0200
Cc: Chris Evans <chris@scary.beasts.org>
Dear LWN Editors,
I am the author of oftpd, a secure FTP server. I've mentioned it to
the LWN staff a number of occasions, and never received any press. The
reason I mentioned it is because FTP is a continual source of security
problems, something often discussed on your Security page. I applaud
your efforts to highlight software designed to address this issue, such
as the recent release of vsftpd 0.9.1.
I would appreciate it if you would mention oftpd as well when discussing
secure FTP servers. Like vsftpd, oftpd is designed from the ground up
with security in mind. Unlike vsftpd, it is an anonymous-only server,
which allows it to be more secure, because no user data need be
transmitted or accessed.
Non-anonymous FTP is a security risk, despite certain FTP extensions
that support encryption via SSL or other mechanisms. As used most
commonly FTP is a fundamentally flawed protocol, in that it sends
passwords in the clear. Because of this I suggest that no matter how
secure you make your server software, FTP should be avoided for data
transfer, especially since excellent alternatives such as SSH are
available.
The one area where FTP still has value is anonymous FTP. Since
anonymous FTP does not send real user names or passwords, the fact that
they are being transmitted across the Internet is not an issue. While
for transferring a single file HTTP is actually more efficient, FTP is
nice because it supports automated processing by allowing directory
listing, persistent control connections, and so on. While FTP should
die, there is still a place in the world for anonymous FTP.
oftpd was designed to be a secure anonymous FTP server. To this end, it
runs chroot() and setuid() all the time. All input is checked. No file
is ever opened for write. The server catches signals in a safe manner.
syslog() is used for all logging. All addresses and ports are checked
for safety before use. And so on.
While I applaud the effort to make a secure FTP server for non-anonymous
access, since there are certain to be environments where that is useful
(isolated networks, while increasingly rare, do exist), I do have enough
of an ego to be annoyed that oftpd is ignored, while vsftpd has had
several mentions, esp. since a number of items on the vsftpd TODO list
have been completed for some time in oftpd (IPv6 support, syslog()
support, message on initial connection, telnet strings), and some will
never be a problem (signal race condition, wtmp support).
Check it out, hopefully you'll like what you see:
http://www.time-travellers.org/oftpd
Yours,
Shane Kerr
p.s. I hope Chris Evans, author of vsftpd, won't be offended in any way!
From the brief perusal I've done of the code, it looks like a
pretty good solution given the constraints of a general-purpose,
secure, inetd-based FTP server.