Deprecating ftpd in the FreeBSD base system?
Warner Losh
imp at bsdimp.com
Wed Sep 16 17:38:24 UTC 2020
On Wed, Sep 16, 2020 at 11:34 AM Ed Maste <emaste at freebsd.org> wrote:
> FTP is (becoming?) a legacy protocol, and I think it may be time to
> remove the ftp server from the FreeBSD base system - with the recent
> security advisory for ftpd serving as a reminder.
>
> I've proposed adding a deprecation notice to the man page in
> https://reviews.freebsd.org/D26447 to start this off. There are a
> number of ftp servers in ports, and if we're going to remove the base
> system one we can create a port for it first, as well.
>
> Any comments or concerns, please follow up in the code review or in email
> here.
>
While I may quibble over the 'legacy' tag to FTP, I do agree that ftpd
isn't important enough to risk the security exposure for it (even if we
don't enable it by default). There are several ftpd ports one could use. I
know I'll be installing it on my systems here, but I have some special
needs due to a video camera that uploads snapshots via ftp (and yes, I know
that's not super secure which is why it's on it's own VLAN, jail insulated,
etc).
Warner
More information about the freebsd-current
mailing list