[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[patch,tarball] TUX 2.4.2-U7, tux-2.0.21.tar.gz



i've uploaded the -U7 patch and the 2.0.21 tarball:

  http://people.redhat.com/~mingo/TUX-patches/tux2-full-2.4.2-U7.bz2
  http://people.redhat.com/~mingo/TUX-patches/tux2-full-2.4.2-ac20-U7.bz2

  http://people.redhat.com/~mingo/TUX-patches/tux-2.0.21.tar.gz

the big change in -U7 is that it includes significant updates to the
TUX/FTP anonymous, download-only FTP protocol module. To get TUX running
as an FTP server isnt too hard:

  echo 1 > /proc/sys/net/tux/application_protocol
  echo 21 > /proc/sys/net/tux/serverport
  echo 0 > /proc/sys/net/tux/nonagle
  service tux restart

and you'll have a TUX/FTP server running on port 21, serving files in
/proc/sys/net/tux/docroot.

to get directory listings, you also need to run the 'generatetuxlist'
script in the FTP docroot, to generate the .TUX-LIST and .TUX-NLIST files
that cache 'ls' output. This script has to be re-run every time the
download tree is changed. (there are plans to provide a utility that is
directory-change-event based and does this updating automatically.)

NOTE: the TUX/FTP server, while being through numerous stresstests and
FTP-client compatibility tests, is still early software. TUX/FTP has no
known bugs or security holes at the moment. It has not been tested with a
wide number of FTP clients yet (only the most obvious ones).


Current limitations:

 - only ftp/anonymous/guest login possible.

 - no uploads allowed, at all.


Security features:

 - because TUX does not start per-client processes, the memory allocation
   overhead per logged in FTP client is less than 10 KB. This allows
   thousands of parallel connections.

 - paranoid parser and paranoid command-evaluation

 - chroots to docroot

 - never starts any external userspace process, all FTP functionality is
   done in a ~900 lines C module, in the kernel.

 - even in kernel mode TUX/FTP drops all priviledges and switches to
   uid/group nobody.

 - only the most trivial globbing (mget *) supported, and no recursion
   support.


Additional FTP-specific features not provided by base TUX:

 - FTP virtual hosts (through IP addresses) supported

 - active and passive mode supported

 - supports instant ABOR

 - supports download restarts (REST command)


As always, bugreports, fixes, comments, suggestions welcome.

	Ingo






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []