Bugtraq mailing list archives
Re: ftpd: the advisory version
From: jmknoble () PINT-STOWP CX (Jim Knoble)
Date: Mon, 26 Jun 2000 15:48:22 -0400
Circa 2000-Jun-24 09:17:56 -0000, Lamagra Argamal wrote:

: Last thing, I've been thinking about the general ftp protocol and there
: is only 1 reason why it should run as root after authentication. Namely
: to bind the data connection to port <ftpport - 1> (mostly 20). And we
: all know high ports require root privileges for binding. Couldn't you
: change it to bind to the port at startup. This would require some other
: changes to prevent DoS etc. But it should be possible, after that the
: daemon can just drop all privileges after authentication. Giving an
: attacker nothing.

D.J. Bernstein's 'publicfile' anonymous FTP server + HTTP server does exactly this, as well as chrooting to a restricted area. It's here:

    http://cr.yp.to/publicfile.html

If all you need is anonymous FTP, it works fine (for user FTP, consider ssh/scp as a replacement).

--
jim knoble | jmknoble () jmknoble cx | http://www.jmknoble.cx/