Security Issues With FTP

by Mike on November 7, 2008

in FTP Server

FTP, file transfer protocol, is widely used on the Internet for transferring files. Though FTP has a terrible security record it continues to be very popular, mainly because it is so simple to setup and use. There is a great deal of FTP software available.

WU-FTPD, the Washington University FTP daemon, has been a popular choice with many recently because it provides these security features that have been lacking in some options in the past:
log all incoming and outgoing file transfers
log all commands used by users
compression on the fly
organize users into classes so that limits on classes can be used
control uploads on each directory individually
display messages
support virtual hosts

ProFTPD has been configured and designed to be more secure than WU-FTPD. ProFTPD was rewritten from scratch to provide greater security. The security features that it provides are:
directory access using .ftpaccess files
anonymous FTP root directory
support for hidden files
uses an unprivileged user in stand-alone mode

Both of these FTP servers are widely used. However, CentOS uses a FTP program that offers greater security and scalability , VSFTPD.

VSFTPD has replaced the WU-FTPD with a more secure ftp daemon. This ftp program is labeled as more secure, stable, faster and more scalable. VSFTPD has taken steps to minimize the privileges it takes to run the ftp program. Each user runs at the level of least privilege.

Check Out the Website to see speed and security comparisons.

An example of what VSFTPD is trying to eliminate is WU-FTPD. When you log in as an anonymous user with WU-FTPD, a process is run for the ftp session, that process must run as root on the remote machine. This does not occur with VSFTPD.

VSFTPD uses chroot which would minimize damage if a user did compromise the server.

Secure Design:
1. Parsing and acting on potentially malicious remote network data uses an unprivileged user process. In addition a chroot () jail is used to ensure only the ftp files are accessible.

2. Privileged operations are done with a privileged parent process.

3. All requests received by the parent process are distrusted.

4. The privileged parent process uses capabilities and chroot() to always run in the least privileged user possible. The privileged parent constantly calculates the necessary privileges.

Buffer Overflow:
Buffer overflow problems have been the source of many security issues. Systems can be compromised by buffer overflows. vsftpd uses an API to hide the buffer handling from the user and one piece of generic code is used to deal with buffer handling for simplicity.

Previous post:

Next post: