[CentOS] wu-ftpd, proftpd, or vsftpd!

Sun Apr 30 23:26:19 UTC 2006
albi <albi at scii.nl>

José Alburquerque wrote:

> albi wrote:
>> erhm, the vsftp-software stands for "very secure ftp", but of course the
>> admin and the admin's configuring makes it secure or not
>> (the fact that the redhat-company now uses it as their default
>> ftp-server doesn't mean anything, because they were provided wu-ftpd as
>> the default ftp-server install years ago afair, and wu-ftpd has a pretty
>> bad reputation as has other software from WU, like pine)
> May I ask what is wrong with pine?  TIA.

well, here's 1 example of the mentioning of pine's not so secure code,
if you try to install pine on FreeBSD (from ports), you will see this :

 │ SECURITY NOTE: The pine software has had several remote
 │ vulnerabilities discovered in the past, which allowed remote
 │ attackers to execute arbitrary code as you on your local system,
 │ by the action of sending a specially-prepared email. All such
 │ KNOWN problems have been fixed, but the pine code is written in a
 │ very insecure style and the FreeBSD Security Officer believes
 │ there are likely to be other undiscovered vulnerabilities. Do you
 │ wish to proceed with the installation of pine anyway?
 │                        [ Yes ]         [ No ]

there are alternatives for pine, e.g. mutt, elmo, and there's more
(forgot the names)

grtjs, albi
gpg-key: lynx -dump http://scii.nl/~albi/gpg.asc | gpg --import