twoftpd Simple secure efficient FTP server Bruce Guenter <bruceg@em.ca> Version 1.21 2006-04-18 This is twoftpd, a new FTP server that strives to be secure, simple, and efficient. None of the commands can cause execution of other programs, and the normal model of execution does a chroot to the logged in user's directory immediately after authentication. The name "twoftpd" comes from the fact that there were two parts to the server -- an authenticating front end, which contains no file or data transfer code, and a back end, which contains all the data transfer code. A mailing list has been set up to discuss this and other packages. To subscribe, send an email to: bgware-subscribe@lists.untroubled.org A mailing list archive is available at: http://lists.untroubled.org/?list=bgware Development versions of twoftpd are available via Subversion at: svn://bruce-guenter.dyndns.org/twoftpd/trunk Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ Programs: The package is broken down into two main programs: twoftpd-auth is a front-end that only accepts USER and PASS (and a few other "built-in") commands. Once a user is authenticated, it exec's twoftpd-xfer, which does a chdir/chroot/setgid/setuid combination to lock down all priviledges. twoftpd-anon is a stripped-down version of twoftpd-xfer with all the filesystem modification commands removed. Usage: For a server handling only non-anonymous logins, optionally set CHROOT and use: tcpserver -DHRv 0 ftp \ /usr/local/bin/twoftpd-auth \ /usr/local/bin/cvm-unix \ /usr/local/bin/twoftpd-xfer For a server handling only anonymous logins, set UID, GID, and HOME to appropriate values, set CHROOT to 1, and set USER and GROUP to "ftp", and use: tcpserver -DHRv 0 ftp /usr/local/bin/twoftpd-anon If you want to have both anonymous and non-anonymous logins on the same server, run both of the above two commands with two seperate IPs substituted for the "0" parameter. Because the FTP protocol does not support name-based virtual hosting, multiple anonymous servers must be run on separate IPs. See the man pages for twoftpd-auth and twoftpd-xfer for more details. Security notes: Unless you have specific reason not to, always run with CHROOT set. Always run twoftpd (and most other servers) with resources limits in effect. For example: tcpserver -DRHv 0 ftp softlimit -m 2000000 twoftpd-anon This will allow the server to consume up to 2MB of memory before being killed, which should be enough for most OS's, and still prevent memory overflow attacks. This program is Copyright(C) 2006 Bruce Guenter, and may be copied according to the GNU GENERAL PUBLIC LICENSE (GPL) Version 2 or a later version. A copy of this license is included with this package. This package comes with no warranty of any kind.
Name Modification Time Size
Parent Directory 2008-02-23 23:36 - ANNOUNCEMENT 2006-04-18 22:56 3k ChangeLog 2006-04-18 22:56 109k NEWS 2006-04-18 22:56 14k TODO 2006-04-18 22:56 1k archive 2006-07-27 06:12 - fc1 2006-07-27 06:12 - fc2 2006-07-27 06:12 - rh6 2006-07-27 06:12 - rh7 2006-07-27 06:12 - twoftpd-1.21-1.src.rpm 2006-04-18 22:56 62k twoftpd-1.21.tar.gz 2006-04-18 17:47 60k twoftpd-1.21.tar.gz.sig 2006-04-18 22:55 191
RPM File: twoftpd-1.21-1.src.rpm
Name : twoftpd Relocations: (not relocateable) Version : 1.21 Vendor: (none) Release : 1 Build Date: Tue Apr 18 22:56:27 2006 Group : Utilities/System Source RPM: (none) Size : 62797 License: GPL Packager : Bruce Guenter <bruceg@em.ca> URL : http://untroubled.org/twoftpd/ Summary : Secure, simple, and efficient FTP server Description : This is twoftpd, a new FTP server that strives to be secure, simple, and efficient. Requires : bglibs >= 1.026 rpmlib(CompressedFileNames) <= 3.0.4-1