Deprecating base system ftpd?
Cy Schubert
Cy.Schubert at cschubert.com
Mon Apr 5 14:45:06 UTC 2021
In message <CAPyFy2AbP2X339zbemZ9Y8edjNKdyygnR9mH48Q78nxwDtOBAg at mail.gmail.c
om>
, Ed Maste writes:
> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
I think this is an excellent start. My shopping list includes:
- remove ftp(1)
- remove ftpd(8)
- remove telnet(1)
- remove telnetd(8)
- remove ftp:// and http:// from libfetch. This is 2021 and we should all
use https://.
- replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
traffic?
>
> I'm happy to make a port for it if anyone needs it. Comments?
I've started working on splitting ftp and ftpd into an external git repo.
The problem I've encountered is that though only ftp and ftpd are left the
resultant repo is still 1.2 GB. If my last attempt fails, there is a choice
between a 1.2 GB repo and burning ftp forever then the choice is clear:
burn it forever.
Adding the following as an option:
Also note that the tnftp ports are the NetBSD ftp and ftpd. The FreeBSD ftp
and ftpd are simply copies of tnftp and tnfpd. Would it make more sense to
share our customizations with NetBSD and we simply reply on NetBSD for the
client and server in our ports? This last option might be simpler than
creating a port.
Personally, I'd suggest we remove the ftpd server *AND* ftp client and rely
on ports. Having worked on UNIX, Internet security, and firewalls over the
last 3/5 of my almost 50 year career, I have lamented the existence of the
FTP protocol back in 1995 and I hate the FTP protocol with greater a
passion today. Let's simply remove all vestiges of FTP from the base
system, including libfetch, sooner than later. We don't need it now that we
have HTTPS and POST; and sftp.
I think we should make it our goal to remove any and all unencrypted
protocols from FreeBSD by 2025.
--
Cheers,
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX: <cy at FreeBSD.org> Web: https://FreeBSD.org
NTP: <cy at nwtime.org> Web: https://nwtime.org
The need of the many outweighs the greed of the few.
More information about the freebsd-stable
mailing list