Subject: Re: A possible solution to ftpd port 20 binding
To: Charles M. Hannum <>
From: Todd Vierling <>
List: tech-net
Date: 11/22/2000 10:26:49

On Wed, 22 Nov 2000, Charles M. Hannum wrote:

: > 1. A process flag, cleared on exec, allowing reserved port binding.

: This smells an awful lot like a capabilities-based system...

Yes, which is what I thought too.

: > 2. A socket option that creates a duplicate of a bound socket.
: > 
: >    This approach allows ftpd to create its data socket before revoking
: >    privileges, prebound, but not connected to a remote system.  It could
: >    have other useful non-security-related applications as well.

: This is an absolutely horrendous abstraction violation.  No way.

I don't see how this is a "horrendous abstraction violation," so a
non-summary technical explanation of this response would be nice.

-- Todd Vierling <>  *
-- Speed, stability, security, and support.  Wasabi NetBSD:  Run with it.