Subject: Re: A possible solution to ftpd port 20 binding
To: Todd Vierling <email@example.com>
From: Charles M. Hannum <firstname.lastname@example.org>
Date: 11/22/2000 06:23:52
Todd Vierling wrote:
> 1. A process flag, cleared on exec, allowing reserved port binding.
> This would entail somehow setting this privilege flag on the struct proc
> before revoking privileges, but the process could still bind privileged
This smells an awful lot like a capabilities-based system...
> 2. A socket option that creates a duplicate of a bound socket.
> This approach allows ftpd to create its data socket before revoking
> privileges, prebound, but not connected to a remote system. It could
> have other useful non-security-related applications as well.
> The basic usage in userland would be, in pseudo:
> fd = socket(family, type, proto);
> setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &1, sizeof 1);
> bind(fd, addr_and_port);
This is an absolutely horrendous abstraction violation. No way.