Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!spool.mu.edu!ox.com!msen.com!emv
From: eps@toaster.SFSU.EDU (Eric P. Scott)
Newsgroups: comp.archives
Subject: [next] SECURITY WARNING: bogus ftpd on Purdue archives
Message-ID: <1991Jun20.131324.26042@ox.com>
Date: 20 Jun 91 13:13:24 GMT
Article-I.D.: ox.1991Jun20.131324.26042
Sender: emv@msen.com (Edward Vielmetti, MSEN)
Reply-To: eps@cs.SFSU.EDU (Eric P. Scott)
Followup-To: comp.sys.next
Organization: San Francisco State University
Lines: 30
Approved: emv@msen.com (Edward Vielmetti, MSEN)
X-Original-Date: 16 Jun 91 05:25:29 GMT
X-Original-Newsgroups: comp.sys.next

Archive-name: internet/ftpd/next-ftpd/1991-06-16
Archive: sutro.sfsu.edu:/pub/ftpd-src.tar.Z [130.212.15.230]
Original-posting-by: eps@toaster.SFSU.EDU (Eric P. Scott)
Original-subject: SECURITY WARNING: bogus ftpd on Purdue archives
Reposted-by: emv@msen.com (Edward Vielmetti, MSEN)


Recently, a file called ftpd-NeXT.tar.Z appeared in the
/pub/next/submissions directory at Purdue.  Assuming that it is
what it claims to be, it's still an OLDER version of ftpd than
what NeXT ships in 2.0/2.1 and its use *may* compromise the
security of your machine.

If you are looking for relatively recent ftpd sources in order to
implement site-specific policy, the 4.3-reno version I ported
last December is still current.  You can obtain it by anonymous
FTP from sutro.sfsu.edu [130.212.15.230] as pub/ftpd-src.tar.Z

It should compile on 1.0/1.0a/2.0/2.1 systems without
modification.  This is a "clean" version; the differences between
that and what we run locally are included as a patch file.

					-=EPS=-

-- comp.archives file verification
sutro.sfsu.edu
total 77
-rw-r--r--  1 eps      wheel      77849 Dec 25 23:11 /pub/ftpd-src.tar.Z
found next-ftpd ok
sutro.sfsu.edu:/pub/ftpd-src.tar.Z