> To fix the security hole in previous version 2.3: > 1. remove "site exec" from commands. that would help but isn't enough by itself > 2. stop anonymous uploading via adding "chmod no anonymous" and > "umask no anonymous" to ftpaccess file. that would help but isn't enough by itself > 3. remove ftp-exec subdirectory in ~ftp/bin that would help but isn't enough by itself > 4. Obtain and install wu-ftpd 2.3 that would really fix it. the latest "wrl" ftpd also has a fix for this. since the security bug was in code that i added to "wrl"'s ftpd and the "wu" people got the code (and the bug) from "wrl", it's significant that both versions are fixed. i actually like the fix i put into "wrl"'s better than the one the "wu" people put into theirs, since i took the oppty to clean up some other problems. the reason CERT hasn't announced this yet is that they are still coordinating with vendors and the larger ftp sites to get the bug fixed before they publicize it. so please keep this information to yourselves.