Software update: ProFTPD 1.3.0a

ProFTPD is a versatile FTP server for Unix-like operating systems that can be extended further by means of modules. For example, there are modules that add support for LDAP, SSL/TLS encryption and RADIUS. For a brief overview of the features we refer you to this page. The developers have released version 1.3.0a, which fixes a security vulnerability. The list of changes for the 1.3.0 branch of ProFTPD is as follows:

Version 1.3.0a:
Version 1.3.0:
  • Bug 2733 - libtool requires sh/bash.
  • Bug 2770 - FreeBSD compiler warning that "__GLIBC__" is not defined.
  • Bug 2771 - FreeBSD compiler warning about undeclared fgetpwent/fgetgrent functions.
  • Bug 2772 - FreeBSD compiler warning that "_FILE_OFFSET_BITS" is not defined.
Version 1.3.0rc5:
  • Bug 2757 - Add support for quota modules to RPM spec.
  • Bug 2759 - Adding --with-includes to configure can cause problems when building with other packages. Fixed so that CPPFLAGS and LDFLAGS are restored to their original settings after running the configure script. This was a regression (of sorts) from fixing Bug #2708.
  • Bug 2764 - REST command does not return an error for negative numbers.
  • Bug 2717 - Wrong timestamp in logs for chrooted processes. Ultimately this behavior looks to be a glibc bug. In the meantime, the workaround is to manually set the TZ environment variable, if it is not already set, before calling chroot(). This bug appears to be specific to glibc, thus the workaround is only enabled on platforms using glibc-2.3 or later.
  • Bug 2765 - Child process segfaults while handling a SIGTERM.
  • Bug 2723 - mod_delay causes process to hang on OS X when proftpd exits.
Version 1.3.0rc4:
  • Bug 2703 - Disk quota exceeded for small files not being triggered.
  • Bug 2706 - utmp/wtmp logging on NetBSD needs some tweaks.
  • Bug 2708 - configure cannot detect some headers. The configure script now adds the directories mentioned via the --with-includes and --with-libraries options to the CPPFLAGS and LDFLAGS environment variables.
  • Bug 2711 - Controls socket detection broken.
  • Bug 2712 - DisplayFirstChdir directive does not work.
  • Bug 2705 - proftpd fails to log anything to syslog after dropping privs on Solaris. This happens because of the default permissions on /dev/log on Solaris.
  • Portability tweaks for Mac OS 10.4.
  • Bug 2729 - Authoritative PAM authentication doesn't work. The mod_auth_pam module still had code for supporting the deprecated AuthPAMAuthoritative directive. As per Bug #2440, however, the AuthOrder directive should be used for configuring authoritativeness. This fixes mod_auth_pam to behave properly using the new AuthOrder setting.
  • Bug 2709 - mod_sql improperly strips spaces from names, allowing for confusing authentication.
  • Bug 2735 - Allow REST 0 in ASCII mode.
  • Bug 2746 - Data transfer function does not return error condition in case of read errors.
  • Bug 2752 - FEAT reply not RFC 2389 compliant.
Version 1.3.0rc3:
  • Bug 2660 - Add mod_facl in rpm spec file.
  • Bug 2662 - OpenSolaris/Solaris 11 has TCP_CORK but not SOL_TCP.
  • Bug 2667 - mod_tls handles SIGHUP badly.
  • Bug 2668 - mod_ctrls fails to open socket during SIGHUP.
  • Bug 2669 - mod_radius segfaults if PASS command sent with no USER command.
  • Bug 2674 - mod_sql string escape problem during group lookups.
  • Bug 2676 - configure option --disable-ipv6 enables IPv6.
  • Bug 2685 - ListOptions' max parameters cannot be set higher than 255.
  • Bug 2689 - Parser does not complain about unclosed configuration sections.
  • Bug 2695 - Client IP/host is not logged when client exits.
  • Bug 2697 - Improper SSL session shutdown sequence used for some FTPS clients.
  • Bug 2682 - Signals can interrupt privilege switching.
  • Bug 2692 - R_DUP response messages can break the FTP protocol responses.
Version 1.3.0rc2:
  • Bug 2584 - mod_sql_postgres missing end-of-comment character.
  • Bug 2587 - HideNoAccess does not work for DefaultRoot/<Anonymous> logins.
  • Bug 2590 - AIX uses unsigned int for ULONG_MAX, causing printf format warning.
  • Bug 2591 - wrong argument type in call to pr_log_debug in mod_delay.c on AIX.
  • Bug 2593 - `make install-modules' does not honour DESTDIR environment variable.
  • Bug 2596 - STAT command can cause segfault.
  • Bug 2588 - AIX requires _USE_IRS #define to use hstrerror().
  • Bug 2582 - ProFTPD on Tru64 with SIA does not call sia_ses_estab().
  • Added new 'dns' control to mod_ctrls_admin, for enabling/disabling UseReverseDNS configuration at runtime. See doc/contrib/mod_ctrls_admin.html for details.
  • Bug 2605 - Compiler warnings/errors about missing typecasts on HP-UX.
  • Bug 2589 - Makefile in modules/ directory is not portable.
  • Bug 2598 - Build system should check for duplicate module requests.
  • Bug 2585 - Proftpd does not write RFC 3164 compliant messages into /dev/log.
  • Bug 2601 - mod_delay sometimes delays for a long time.
  • Bug 2622 - Segfault seen randomly in mod_delay.
  • Bug 2578 - ProFTPD does not listen on IPv6 addresses on FreeBSD.
  • Bug 2624 - "fh_data" macro collision causes compiler error on Tru64 V5.1A.
  • Bug 2250 - Add ports, compiling info to FreeBSD README.
  • Bug 2631 - Segfault when using RadiusAcctServer.
  • Bug 2632 - Invalid application of `sizeof' to an incomplete type on AIX.
  • Bug 2637 - <Limit STAT> does not work.
  • Bug 2636 - Data connection failure when handling STOR does not trigger error response.
  • Bug 2639 - HiddenStores does not work.
  • Bug 2630 - Use of mmap in mod_delay may be problematic on HP-UX. This change adds locking of the DelayTable, which may (or may not) also help on other platforms.
  • Bug 2644 - mod_sql_mysql should handle old MySQL password format more gracefully. Starting with MySQL 4.1.1, the format for passwords stored using the MySQL PASSWORD() function changed. This format change causes issues for sites that have passwords stored in the older format. Users of mod_sql+mod_sql_mysql would see this as users being unable to login. Now, if compiled against MySQL 4.1.1 or later, mod_sql_mysql will first check the password using the current MySQL format; if that fails it will fall back to checking the old format. Note that this only affects sites which have "SQLAuthTypes Backend" in their proftpd.conf.
  • Bug 2647 - Improper "socklen_t" redefine for HP-UX when using X/Open.
  • Fixed mod_sql bug where using SQLLog and SQLNamedQuery with the %L or %a variables, and logging the EXIT pseudo-command, would cause a segfault.
  • Bug 2375 - Slow directory listing with several blank .ftpaccess files.
  • Bug 2646 - ftpshut format string vulnerability.
  • Bug 2645 - SQLShowInfo format string vulnerability.
  • Bug 2560 - Reporting errors when user filesystem quota is exceeded.
  • Bug 2653 - When MaxStoreFileSize is reached, error should be EDQUOT rather than EPERM.
  • Bug 2657 - Segfault in tls_get_error() function in mod_tls.
  • Bug 2658 - Segfault in mod_radius when using long password.
Version 1.3.0rc1:
  • Bug 2449 - ProFTPD silently ignores extra command-line parameters.
  • Bug 2457 - Directory listing provides bad info when path ends with /.
  • Bug 2458 - Bad handling of CreateHome parameters.
  • Bug 2463 - mod_xfer doesn't check how many bytes it has written to disk.
  • Bug 2476 - Incorrect detection of symbolic link loop across devices.
  • Add support for a -V command-line option, which displays various compile-time settings.
  • Bug 2455 - Allow fine-tuning of how often mod_xfer updates the scoreboard. This adds an --enable-scoreboard-updates configure option.
  • Bug 2389 - 64-bit compilation warnings.
  • Bug 2468 - Ability to disable address/port collision checking. A new command-line option, -N, can be used to disable proftpd's checks for <VirtualHost> address/port collisions.
  • Bug 2488 - Wrong order of privs calls on HP generates "unable to setregid()" error (Bug #2317 revisited).
  • Bug 2392 - mod_sql needs better handling of its backend modules.
  • Daniel Weuthen <> contributed a SuSE-specific init.d script for ProFTPD.
  • Bug 2485 - SQL backend modules close all open connections too early. This fixes a bug where a "signal 11" would be reported, when a session ends, if the "EXIT" SQLLog command was configured.
  • New mod_ldap version 2.8.13
  • Bug 2490 - <Limit ALL> affects PORT command. When the EPRT, EPSV, PASV, and PORT commands became <Limit>able (see Bug #2086), they became affected by <Limit ALL> as well, which breaks older configurations.
  • Bug 2492 - Off-by-one error in FreeBSD PAM username length check.
  • Bug 2496 - NLST off-by-one bug when handling relative paths in a chrooted session.
  • Bug 2494 - ABOR problem with Cisco routers copy ftp flash.
  • Bug 2499 - make_cmd() does not NULL-terminate cmd->argv[].
  • Bug 2497 - Users can login without password if pam_start() fails.
  • Bug 2273 - Ability to limit number of unauthenticated clients from a single host. There is a new MaxConnectionsPerHost directive for configuring the maximum number of connections from a single host at the same time.
  • Bug 1965 - Change timing of handling of QUIT command. The actual ending of the session is now done by LOG_CMD/LOG_CMD_ERR handlers for the QUIT command. This allows modules that wish to do POST_CMD processing of QUIT, like mod_sql, a chance to see the command.
  • Bug 2484 - Better ftptop formatting.
  • Bug 2071 - Add Variables API.
  • Added DSO support. See the README.DSO file for more information.
  • Bug 2509 - sendfile() usage fails with > 2GB files.
  • Bug 2480 - Remote users discovery. Leon Juranic described an information leak via timing differences in the handling of the USER command for valid versus invalid users. The mod_delay module was added to address this timing difference. See doc/modules/mod_delay.html for details.
  • Bug 2518 - Ability to log SSL/TLS commands in an ExtendedLog. A new "SEC" logging class has been added for use in ExtendedLog directives, e.g 'ExtendedLog /path/to/rfc2228.log SEC'.
  • Bug 2507 - Enable use of sendfile by default. Use the new UseSendfile directive to disable, e.g. 'UseSendfile off'.
  • Bug 2471 - Restart command (REST) is not working correctly for text files. When in ASCII mode, ProFTPD now refuses to handle REST. This behavior is documented in doc/howto/ASCII.html.
  • Bug 2454 - Extend <VirtualHost> to honor multiple addresses. With this change, the Bind directive is now deprecated. See the RELEASE_NOTES for more details.
  • Bug 2516 - Getting "421 Login Timeout" immediately upon connect.
  • Bug 2520 - Turning on AuthAliasOnly disables MaxClientsPerHost.
  • Bug 2510 - Use of ExportCertData TLSOption leads to segfault.
  • Bug 2528 - Incorrect username 'and' parsing in AllowUser.
  • Bug 2170 - Add byte count variables, similar to the file count Display variables.
  • Bug 2027 - Add log message for timed out passive transfers.
  • Bug 2406 - Add a SQLEngine directive. See the mod_sql documentation for details.
  • Bug 2229 - NLST and LIST behave differently e.g. when listing an empty directory.
  • Bug 2534 - Add support for -S ListOption, for sorting files by file size.
  • Bug 2536 - mod_ifsession does not properly merge in all directives.
  • Bug 2540 - Fails to disable mod_delay if no DelayTable file exists.
  • Bug 2541 - <Directory ~user> path resolved at startup time, rather than at session time.
  • Bug 2549 - Allow contrib modules to be built from multiple source files.
  • Bug 1651 - Add contrib module to limit connection acceptance based on system load. mod_load is now one of the provided contrib/ modules.
  • Bug 2503 - Bundled libcap library does not compile on IA64 machine.
  • Bug 2556 - Rename of directory across devices fails. The solution is to prevent renaming of directories. Proper support for copying of directories will require module support.
  • Bug 2563 - Linking fails on Solaris with libz and libmysqlclient. The linker in question was Solaris ld, not GNU ld; the Solaris linker is more particular about the order of specified libraries. GNU ld is less strict.
  • Bug 2331 - ProFTPD should honor POSIX ACLs. Please read the README.facl file for more information on POSIX ACL support in ProFTPD.
  • Bug 2573 - TLSProtocol directive in proftpd.conf is ignored. By fixing this bug, sites may find that a mod_tls configuration which worked prior to 1.3.0rc1 now does not work, failing with an error like "wrong version number" appearing in the TLSLog. To restore the previous behavior, these sites can use "TLSProtocol SSLv23" in proftpd.conf.
  • Bug 2559 - IPv6 socket option should be set for ServerType inetd.
  • Bug 2164 - Support non-PASS response codes (i.e. 232).
  • Bug 2515 - mod_quotatab should enforce hard limits at the filesystem level.
  • Bug 2567 - Segmentation fault with 64-bit binary due to structure layout difference.
  • Bug 2551 - Recursive LIST with symlinked directories gives duplicate results.
  • Bug 2576 - PWD command does not handle " character properly.
  • Bug 2493 - mod_tls should support CCC command.
  • Bug 2580 - ProFTPD on Tru64 with SIA allows login with blank password.
  • Bug 2554 - mod_delay gets segfault-signal on several logins.
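Bug 2480 above describes a username-enumeration side channel: ProFTPD answered the USER command measurably faster or slower depending on whether the account existed, and mod_delay was added to level those timings. The script below is an added example, not ProFTPD project code, for checking whether a server still shows that gap. It opens a fresh control connection per sample, times the USER exchange for one account assumed to exist and one assumed not to, and decides with a robust (median/MAD) comparison whether the two populations are distinguishable. The host, port, usernames, sample count and the three-noise-widths threshold are all assumptions; the timing values in the usage note are constructed.

```python
"""Added example (not ProFTPD code): measure the USER-command timing gap
described in Bug 2480 and judge whether usernames are enumerable by timing.

Assumed inputs (not from the page): a reachable FTP server, one username
that exists on it and one that does not. Nothing here logs in; only USER
is sent, so no password is transmitted.
"""
import socket
import statistics
import sys
import time


def read_reply(sock):
    """Read one complete FTP reply (single- or multi-line, RFC 959) and return it.

    A reply is complete once a full line of the form 'NNN text' (space after
    the three-digit code) has arrived; intermediate lines use 'NNN-text'.
    """
    data = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            break
        data += chunk
        complete_lines = data.split(b"\r\n")[:-1]  # drop the partial tail
        for line in complete_lines:
            if len(line) >= 4 and line[:3].isdigit() and line[3:4] == b" ":
                return data.decode("latin-1", "replace")
    return data.decode("latin-1", "replace")


def time_user_command(host, port, username, timeout=5.0):
    """Open a new control connection, send USER, return seconds until the reply.

    A fresh connection per sample keeps per-session state (and mod_delay's
    per-session adjustments) from contaminating the measurement.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        read_reply(s)  # consume the 220 banner
        start = time.perf_counter()
        s.sendall(b"USER " + username.encode("ascii") + b"\r\n")
        read_reply(s)  # 331 (password required) or an error reply
        return time.perf_counter() - start


def sample_timings(host, port, username, samples=20):
    """Collect `samples` independent USER timings for one username."""
    return [time_user_command(host, port, username) for _ in range(samples)]


def timing_gap(valid_samples, invalid_samples):
    """Return (median_valid, median_invalid, gap) where gap is the distance
    between the medians in units of the larger median absolute deviation.

    Medians and MAD are used instead of mean/stddev so that a few slow
    outliers (network hiccups) do not dominate the verdict.
    """
    mv = statistics.median(valid_samples)
    mi = statistics.median(invalid_samples)

    def mad(xs, centre):
        # Median absolute deviation; floor at 1e-9 s to avoid division by zero
        return statistics.median(abs(x - centre) for x in xs) or 1e-9

    noise = max(mad(valid_samples, mv), mad(invalid_samples, mi))
    return mv, mi, abs(mv - mi) / noise


def username_enumerable(valid_samples, invalid_samples, threshold=3.0):
    """True when the valid/invalid medians are more than `threshold` noise
    widths apart, i.e. an attacker could tell the two apart by timing alone.
    A server whose mod_delay is working should yield False."""
    _, _, gap = timing_gap(valid_samples, invalid_samples)
    return gap > threshold


if __name__ == "__main__":
    # usage: python user_timing_check.py HOST PORT KNOWN_USER UNKNOWN_USER
    host, port, known, unknown = sys.argv[1], int(sys.argv[2]), sys.argv[3], sys.argv[4]
    good = sample_timings(host, port, known)
    bad = sample_timings(host, port, unknown)
    mv, mi, gap = timing_gap(good, bad)
    print(f"median valid={mv:.4f}s invalid={mi:.4f}s gap={gap:.1f} noise widths")
    print("enumerable by timing" if username_enumerable(good, bad) else "no usable gap")
```

With constructed timings such as ten-millisecond replies for a real account against one-millisecond replies for a bogus one, `username_enumerable` reports a gap of roughly 90 noise widths; once mod_delay has pulled both populations to a common median the gap collapses to zero. Take enough samples (twenty or more per username) and run the two series interleaved if the network path is noisy, otherwise load changes between the two runs can masquerade as a gap.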
Version number: 1.3.0a
Release status: Final (the "a" suffix denotes a maintenance release of the 1.3.0 branch, not an alpha)
Operating systems: Linux, BSD, macOS, Solaris, UNIX
Website: The ProFTPD Project
File size: 1.77MB
Licence type: GPL

By Japke Rosink


29-11-2006 • 14:53

Source: The ProFTPD Project


Comments (6)

Just been tinkering with it... under Debian I think it's the standard FTP server you install there!

For your run-of-the-mill FTP server this obviously does the job fine; to what extent it can handle, for example, users from a database or any other complicated matters, I can't say...
ProFTPd, like many other FTP servers for Unix-like environments, supports PAM modules. And there are PAM modules for just about all open-source databases, LDAP, Samba (Active Directory / SAM authorisation), CVS and passwd.

If you installed proFTPd via apt-get, you can specify in the file /etc/pam.d/proftpd how users are to be validated.

proFTPd has support for 'virtual' FTP sites, and the 'root' is determined by the 'homedir' of the authorised user.

In terms of flexibility you can compare proFTPd with Apache. Also a run-of-the-mill web server, of course ;-)
For example, Chello (worldwide) uses ProFTPd. Whether that is much of an honour I don't know, but it does say something about the implementation possibilities.
I use it at home and there it works very easily; for those who aren't so handy it's very easy with that web interface.
:+ run-of-the-mill FTP server.

Going to do a bit more research after all ;)

See here, for example, for a list of sites that currently use ProFTPD
pff, with proftp you can even use a MySQL db... ideal for easily getting in as admin from anywhere imo.
Anyone got any experience with this program?

