Subject: Re: A possible solution to ftpd port 20 binding
To: Todd Vierling <>
From: Charles M. Hannum <>
List: tech-net
Date: 11/22/2000 06:23:52
Todd Vierling wrote:

> 1. A process flag, cleared on exec, allowing reserved port binding.
>    This would entail somehow setting this privilege flag on the struct proc
>    before revoking privileges, but the process could still bind privileged
>    ports.

This smells an awful lot like a capabilities-based system...

> 2. A socket option that creates a duplicate of a bound socket.
>    This approach allows ftpd to create its data socket before revoking
>    privileges, prebound, but not connected to a remote system.  It could
>    have other useful non-security-related applications as well.
>    The basic usage in userland would be, in pseudo:
>      fd = socket(family, type, proto);
>      setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &1, sizeof 1);
>      bind(fd, addr_and_port);

This is an absolutely horrendous abstraction violation.  No way.