Bugtraq mailing list archives

Re: ftpd: the advisory version


From: jmknoble () PINT-STOWP CX (Jim Knoble)
Date: Mon, 26 Jun 2000 15:48:22 -0400


Circa 2000-Jun-24 09:17:56 -0000, Lamagra Argamal wrote:

: Last thing, I've been thinking about the general ftp protocol and there
: is only 1 reason why it should run as root after authentication. Namely
: to bind the data connection to port <ftpport - 1> (mostly 20). And we
: all know high ports require root privileges for binding. Couldn't you
: change it to bind to the port at startup? This would require some other
: changes to prevent DoS etc. But it should be possible, after that the
: daemon can just drop all privileges after authentication. Giving an
: attacker nothing.

D.J. Bernstein's 'publicfile' anonymous FTP server + HTTP server does
exactly this, as well as chrooting to a restricted area.  It's here:

  http://cr.yp.to/publicfile.html

If all you need is anonymous FTP, it works fine (for user FTP,
consider ssh/scp as a replacement).

--
jim knoble | jmknoble () jmknoble cx | http://www.jmknoble.cx/


