vsftpd
| vsftpd | |
|---|---|
| Basic data
|
|
| Maintainer | Chris Evans |
| Publishing year | 2000 |
| Current version | 3.0.3 (July 2015) |
| operating system | Unix derivatives |
| programming language | C. |
| category | File server |
| License | GPL |
| German speaking | No |
| Chris Evans: vsftpd. Accessed August 30, 2015 . | |
The vsftpd is a server for the File Transfer Protocol . As an acronym , its name stands for Very Secure File Transfer Protocol Daemon .
background
The designation as a very secure (German: very safe ) reflects the fact that the protection is to prevent unauthorized use at the center of development. For this purpose, the vsftpd has a software architecture made up of modules and components with the most compact programming possible , which communicate with each other as separate processes . As a side effect, there was excellent behavior under heavy loads. Complicated functions tend to take a back seat with vsftpd. The vsftpd did not remain entirely without security holes.
Features and scope
vsftpd can (mostly /etc/vsftpd.conf) be set with a single configuration file and only allows anonymous FTP in its initial configuration . vsftpd makes excessive use of chroot jails , so that in the event of a security breach, the risk of compromising the entire system is minimized, since breaking out of a Unix chroot is usually impossible. Like most daemons, vsftpd does not need root privileges under any circumstances .
In previous versions, vsftpd , like many other FTP servers, was designed exclusively as an inetd application, so that a new instance was started with every FTP connection request. This has significant security advantages, as the vsftpd server only works with minimally necessary rights. In addition, the focus was on keeping the program size of vsftpd as small as possible in order to increase the performance with many new connections. Since newer versions, vsftpd also offers the option of running as an independent daemon in the background.
As a complete FTP server, vsftpd is in no way inferior to its popular competitors such as PureFTPd or ProFTPD . However, the configuration is spartan, so that, for example, the FTP authentication, which can be enabled in vsftpd with Pluggable Authentication Modules , in most cases requires at least fundamental Unix knowledge.
Because of its small program size, vsftpd is well suited for computers with scarce resources, but thanks to its speed it is also used on very large FTP servers, which usually only allow anonymous access and, as download servers, deliver thousands of files every hour.
Vulnerabilities
In July 2011 strangers managed to gain access to the download servers. Then they uploaded a version of vsftpd (version 2.3.4) that contained a security flaw. Users logging into a compromised vsftpd-2.3.4.4 server were able to :)get a command line on port 6200 with a smiley face as their username. In response to this attack, the project has since been hosted on the Google App Engine .
Web links
- Official website (English)
- Fresh Meat : project page (English)
- unofficial documentation wiki ( memento of October 13, 2014 in the Internet Archive ), founded in the absence of a central documentation website (English)
Individual evidence
- ↑ Chris Evans . LinkedIn . Retrieved February 16, 2013.
- ↑ Red Hat Linux 7.2 launches; FTP servers host over 15,000 concurrent users . Red hat . October 29, 2001. Archived from the original on January 29, 2012. Retrieved on July 10, 2017.
- ^ National Vulnerability Database . United States Department of Commerce . Retrieved February 16, 2013.
- ↑ Alert: vsftpd download backdoored. June 3, 2011, accessed June 2, 2019 .
- ↑ Ubuntu: vsftpd. Retrieved July 2, 2019 .
- ↑ Back door in the source code of the FTP server vsftpd. July 4, 2011, accessed June 2, 2019 .