[danneskjold]

Now, Now, blaming the Linux OS for wu-ftp's shortcomings is kind of like blaming Windows for the flaws in Norton Utilities. Just so you know, wu-ftp is a program run under Linux not Linux itself. And just like lots of NU customers, most people that used or had heard about the flaws in wu-ftp switched over to other packages years ago. On the other hand the MS OS itself is still very un-secure and flakey.

I disagree. If the OS allows a program to breach its (the OS's) file security, the problem is at least equally with the OS.

[B Knotts]

If the ftp daemon is run as a normal user in a chroot jail, there would be no access to the file system in general, despite a bug like this one. Hence, it is not a general OS problem.

[Frumious Bandersnatch]

I disagree. If the OS allows a program to breach its (the OS's) file security, the problem is at least equally with the OS.

But it is not necessarily a breach in the OS' file system.  In order to work, many programs need root (or system) privileges.  If the program has a bug in it which allows a breach of OS integrity, it is not necessarily a problem with the OS (since with root privs you must necessarily be able to do anything).