SECURITY OF THE PROXY

    The proxy runs with dropped privileges, and can be set to run
    chrooted (not set up by default because you have to set up a directory
    for it - I recommend this though, if possible). It can also be set to
    run on just one interface. If you want to eyeball the code then
    most of the dangerous bits are in control.c

DoS:

    There are timeouts on all reads and writes, and a maximum number of
    clients can be set. There should be an option for max connections
    from a machine, but I haven't added it!

Sanitising data that passes through the proxy

    Not much is done here. We only allow ASCII characters in the range
    32--176 through the control stream, which should make sending buffer
    overflow code through the proxy pretty difficult. FTP commands are
    all forced to be in the format "XXXX [argument]", and replies in
    the form "nnn[-] Message". Bear in mind that FTP is a
    fundamentally insecure protocol, and that there is not much
    difference that a proxy can make to many aspects of that. I'd
    suggest turning on "BounceDefend", "SameAddress", and "APConv" in
    the config file.
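
    An added example, not code from the proxy itself: a checker for the two
    control-stream rules just described (byte range 32--176, commands as
    "XXXX [argument]", replies as "nnn[-] Message"). It assumes the verb is
    3 or 4 ASCII letters and that an argument follows a single space.

```c
#include <ctype.h>
#include <string.h>

/* Added example (not frox's own code): the two control-stream rules above,
 * using the byte range 32..176 that the text states. */
#define MIN_BYTE 32
#define MAX_BYTE 176
/* Length of `line` without its trailing CR/LF terminator. */
static size_t body_len(const char *line)
{
    size_t n = strlen(line);
    while (n > 0 && (line[n - 1] == '\n' || line[n - 1] == '\r'))
        n--;
    return n;
}
/* 1 if each of the first n bytes of s lies in [MIN_BYTE, MAX_BYTE], else 0. */
static int bytes_in_range(const char *s, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if ((unsigned char)s[i] < MIN_BYTE || (unsigned char)s[i] > MAX_BYTE)
            return 0;
    return 1;
}

/* Client -> server: "XXXX [argument]". Assumption: the verb is 3 or 4 ASCII
 * letters; an argument, if present, follows one space and is non-empty. */
int ftp_command_ok(const char *line)
{
    size_t n = body_len(line), v = 0;
    if (!bytes_in_range(line, n))
        return 0;
    while (v < n && isalpha((unsigned char)line[v]))
        v++;
    if (v < 3 || v > 4)
        return 0;
    if (v == n)
        return 1;                       /* bare verb, e.g. "QUIT" */
    return line[v] == ' ' && n > v + 1; /* "USER anonymous" */
}

/* Server -> client: "nnn[-] Message": three digits, ' ' or '-', then text. */
int ftp_reply_ok(const char *line)
{
    size_t n = body_len(line);
    if (n < 5 || !bytes_in_range(line, n))
        return 0;
    for (int i = 0; i < 3; i++) if (!isdigit((unsigned char)line[i])) return 0;
    return line[3] == ' ' || line[3] == '-';
}
```

    A tab or a control byte anywhere in the line fails the range check, which is how a stray NUL or escape sequence gets rejected before any format parsing happens.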

Can someone use the proxy to make a hole in the firewall?

    Not from the outside (I hope:). Due to the nature of the ftp
    protocol, and the fact that no checking is done on the data
    stream, under various circumstances someone within your firewall
    can use the proxy to tunnel a connection to the outside. If
    someone controls machines both inside, and outside of your
    firewall they can set up a tunnel between them, and I don't see a
    realistic way of preventing this.

Transparent data connection proxying / libiptc [Kernel 2.4 only]

    If you are using transparent data connections then there is some
    code in linux.c which is forked off and runs as root in order to
    add and remove iptables entries. The amount of code here is very
    small, but in the case of an exploit in the main part of the code
    an attacker might be able to use this to add and delete fairly
    arbitrary iptables rules. If your ftp clients don't mind receiving
    data connections which are not from the ftp-server (all clients I
    have tested are OK with this, and it is the RFC-compliant
    behaviour) then I suggest you leave this setting off.
