Another (minor) security problem. This one is located in ProFtpd. To patch this, I've downloaded two rpm's from the proftpd website:

  • proftpd-1.2.7-2.i386.rpm
  • proftpd-inetd-1.2.7-2.i386.rpm
    and installed these. After this, I've copied the template 05DisallowChmod from /etc/e-smith/templates/etc/proftpd.conf to /etc/e-smith/templates-custom/etc/proftpd.conf, and removed the contents. The configuration parameter AllowChmod has been removed in version 1.2.6. The same functionality is offered by the Limit parameter. When I started the ftp-server (service proftpd restart) I got an error Fatal: Socket operation on non socket, but that was because I wasn't supposed to start it manually, it's started at request by the inetd-deamon.