From:	 Chris Evans <chris@ferret.lmh.ox.ac.uk>
To:	 <security-audit@ferret.lmh.ox.ac.uk>
Subject: vsftpd-1.0.0
Date:	 Mon, 12 Nov 2001 22:34:56 +0000 (GMT)


Ok, the thing deserves a 1.x release version now, it seems to be doing
useful work on various production sites.

Before the 1.0 release details, something potentially interesting: my next
project. Before I start investigating the feasibility, I want to judge the
demand. I'm considering a "vssshd", which would be a very cut down/minimal
server-only implementation of the ssh2 protocol. The intended audience
would be paranoid people who want no-frills secure remote access. I'm not
saying the current sshd implementations are insecure; however, their
design leaves something to be desired. In particular there seems to be
rather too much use of "root" (witness the severity of the deattack.c
flaw). I am tempted to investigate the possibility of writing a minimal
sshd where all protocol parsing and in particular SSL code runs as
non-root in a chroot() environment.

vsftpd-1.0.0
ftp://ferret.lmh.ox.ac.uk/pub/linux/vsftpd-1.0.0.tar.gz

Approximate changelog:
- Fix build on RedHat7.2
- Fix build on Mandrake systems

README:
vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure.
Obviously this is not a guarantee, but a reflection that I have written
the entire codebase with security in mind, and carefully designed the
program to be resilient to attack.

Recent evidence shows that vsftpd is also extremely fast and scalable. vsftpd
has achieved ~4000 concurrent users on a single machine, in a production
environment.

vsftpd is now a proven stable solution. Of particular note, RedHat used vsftpd
to enable ftp.redhat.com to support 15,000 concurrent users across their
server pool. This extreme load was generated by the release of RedHat 7.2
to the world.



Cheers
Chris