This is a well-known and well-documented issue. Note that the
default configuration installation of nearly every Linux
distribution uses a different FTP, which is more secure.
When you install WU-FTP, there are several warnings and
cautions about setting up anonymous FTP accounts, particularly
the importance of setting up one read-only directory, and
another write-only directory (even a contributor can't see his
own freshly 'put' file).
This is similar to the "RSH" panic.
There are a number of tools which are designed for the back-end
nodes of Beowulf clusters, which are protected by front-end
gateway machines which function as very aggressive firewalls to
the back-end nodes. Several good books and articles which
discuss how to build a Beowulf also discuss these security issues.
Yes, if you are very intentional about it, you can deliberately
configure your Linux system to be totally insecure. But it
takes some real effort.
This is in contrast to Windows 95, 98, and ME which allow
public shares to cable modems and DSL links, IE with embedded
ActiveX controls, or Outlook that is configured by default to
open Visual Basic files and execute .exe files.
Michel Pizaz wrote:
WU-FTP flaw
http://www.techrepublic.com/article.jhtml?id=r00220011217mco01.htm