I have implemented important security fixes. The project has been neglected for some time, but I have found some time now to correct many things.
Some security fixes have been made to stupid-ftpd. They are only available to CVS users for now. I need to get a confirmation about the bug fixes first and try out the compilation process on a Linux machine.
Many people want to see this server become daemon-capable, so I need to secure a few things.
I will drop the support for down/up-speed reporting and implement real fork()'s and chroot()'s for each login, which will lock the user in his own (second-level) directory. This has consequences for the current stupid-ftpd architecture, because some features might disappear.
Inetd-support can be implemented, but I need to think what is the best way to do that for stupid-ftpd....
It's not meant to be a stable and secure server.
Not in THIS state! I wrote it for people who don't have root access on their machines and have to run the server on ports >1024 and of course without access to /etc/passwd. That's all.
Thanks to all the people who invested all the work to find bugs. Sometimes the descriptions are very inaccurate and I have to invest some hours to find what is meant by the author.
This time only a few security issues have been removed. There are no new features.
A very stupid accident allowed a local exploit for anyone who has access to your computer. There are probably more bugs. Be careful! The server has not been tested for regular use!
Yes, I am planning to implement a threaded server. I know many people would prefer things to be forked here, but the server is supposed to have a global view over all users and modify their states dynamically. Anyway, I am waiting for your comments on this.
200 people downloaded stupid-ftpd by now. I hope to receive some comments from you. You are all invited. I am always ready to improve this server, but I need help from you. Your comments are very important!
This is a nice feature, I think. And it has been easy to implement, because of the regular expression procedures, which have been written earlier. I think I will test the server, to see if it really runs in a chrooted environment. It should work, but who knows without testing it?
Today I've had a good day, so I decided to release one of my further favourite projects: stupid-ftpd. Have fun testing it and send me some comments.