Subject: Re: A possible solution to ftpd port 20 binding
To: Luke Mewburn <firstname.lastname@example.org>
From: Todd Vierling <email@example.com>
Date: 11/22/2000 10:43:59

On Wed, 22 Nov 2000, Luke Mewburn wrote:
: If you run ftpd with `-r', or bound to a port > 1024, or use `-P dataport'
: with a port > 1024, ftpd will use setuid(pw->pw_uid) to irrevocably
: drop root privs. Of course, it breaks the RFC WRT the dataport being
: the ctrlport-1, but ...
Well, it wouldn't necessarily break the RFC if the bound port is >=1025.
Provided the ctrlport-1 is free or only used by SO_REUSEPORT sockets. :)
: Another solution is to have a central file descriptor broker daemon,
: which you communicate with via an authenticated AF_LOCAL socket.
The problems here are overhead (which simon pointed out), and
"authenticated". Who authenticates it, given that ftpd will run as any user
capable of logging into the system?
: If this would work as a concept, and we had an API for this (in -lutil
: or wherever) could we even use it to solve the $HOSTALIASES problem for
: set-id programs?
Possibly, but there's still the issue of finding out who the original user
really was, if the program does one of those nice setuid(geteuid()) calls.
-- Todd Vierling <firstname.lastname@example.org> * http://www.wasabisystems.com/
-- Speed, stability, security, and support. Wasabi NetBSD: Run with it.
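
The descriptor-broker idea quoted above rests on passing an already-bound socket across an AF_LOCAL socket with SCM_RIGHTS. The following is an added example, not code from this thread or from NetBSD's ftpd; `send_fd`, `recv_fd` and `broker_demo` are hypothetical names, an ephemeral port stands in for port 20 (which needs root to bind), and the question of how the broker authenticates its peer is left out of the sketch.

```c
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>

typedef union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } fdctl;

/* Set up msg: one-byte payload plus room for a single SCM_RIGHTS descriptor. */
static void prep(struct msghdr *msg, struct iovec *iov, char *byte, fdctl *ctl) {
    memset(msg, 0, sizeof *msg); memset(ctl, 0, sizeof *ctl);
    iov->iov_base = byte; iov->iov_len = 1;
    msg->msg_iov = iov; msg->msg_iovlen = 1;
    msg->msg_control = ctl->buf; msg->msg_controllen = sizeof ctl->buf;
}

/* Broker side: hand descriptor fd to the peer on the AF_LOCAL socket chan. */
int send_fd(int chan, int fd) {
    struct msghdr msg; struct iovec iov; fdctl ctl; char byte = 'F';
    prep(&msg, &iov, &byte, &ctl);
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Client side: receive exactly one descriptor, or -1 if none was attached. */
int recv_fd(int chan) {
    struct msghdr msg; struct iovec iov; fdctl ctl; char byte; int fd;
    prep(&msg, &iov, &byte, &ctl);
    if (recvmsg(chan, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Demo: bind (port 0 as stand-in), pass the fd, 0 if both name one socket. */
int broker_demo(void) {
    int sp[2], s, got, ok;
    struct sockaddr_in a = { .sin_family = AF_INET }, b;
    socklen_t al = sizeof a, bl = sizeof b;
    if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sp) < 0) return -1;
    if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0 ||
        bind(s, (struct sockaddr *)&a, sizeof a) < 0) return -1;
    if (send_fd(sp[0], s) < 0 || (got = recv_fd(sp[1])) < 0) return -1;
    ok = !getsockname(s, (struct sockaddr *)&a, &al) && a.sin_port != 0 &&
         !getsockname(got, (struct sockaddr *)&b, &bl) && a.sin_port == b.sin_port;
    close(s); close(got); close(sp[0]); close(sp[1]);
    return ok ? 0 : -1;
}
```

The receiver gets a new descriptor number referring to the same bound socket, so the process that holds it needs no privilege of its own to use the port.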