Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!mips!apple!agate!ziploc!eps
From: eps@toaster.SFSU.EDU (Eric P. Scott)
Newsgroups: comp.sys.next
Subject: SECURITY WARNING: bogus ftpd on Purdue archives
Message-ID: <1737@toaster.SFSU.EDU>
Date: 16 Jun 91 05:25:29 GMT
Reply-To: eps@cs.SFSU.EDU (Eric P. Scott)
Organization: San Francisco State University
Lines: 16

Recently, a file called ftpd-NeXT.tar.Z appeared in the
/pub/next/submissions directory at Purdue.  Assuming that it is
what it claims to be, it's still an OLDER version of ftpd than
what NeXT ships in 2.0/2.1 and its use *may* compromise the
security of your machine.

If you are looking for relatively recent ftpd sources in order to
implement site-specific policy, the 4.3-reno version I ported
last December is still current.  You can obtain it by anonymous
FTP from sutro.sfsu.edu [130.212.15.230] as pub/ftpd-src.tar.Z

It should compile on 1.0/1.0a/2.0/2.1 systems without
modification.  This is a "clean" version; the differences between
that and what we run locally are included as a patch file.

					-=EPS=-