Bugtraq mailing list archives

Re: ftpd: the advisory version


From: okir () CALDERA DE (Olaf Kirch)
Date: Tue, 27 Jun 2000 22:16:29 +0200


On Mon, Jun 26, 2000 at 03:48:22PM -0400, Jim Knoble wrote:
> Circa 2000-Jun-24 09:17:56 -0000 schrieb Lamagra Argamal:
> : Couldn't you change it to bind to [port 20] at startup.

No. Remember that the whole point of the exercise is that, in
response to a PORT command, ftpd creates a TCP connection *to*
the client host. Assume you create a socket, and bind it to port 20.
Then you can use it exactly _once_ in a data connection, because you
need to connect() to the address/port specified by the client.
After the connection is torn down, the socket is dead, you can't
reuse it (and if your Unix flavor allows reconnecting that socket to
some other address it's got a serious security problem).

> D.J. Bernstein's 'publicfile' anonymous FTP server + HTTP server does
> exactly this, as well as chrooting to a restricted area.

No. Quoting from the web page:

 * The publicfile FTP server uses local ports above 1024 for PORT connections.

I.e. publicfile is able to drop root privs because it stops using port 20
when creating data connections in response to a PORT command. It's
against the spec but works with most clients.

FWIW, note that wu-ftpd wants to retain saved root privs for other reasons
as well. E.g. you can make it play silly tricks with file ownership of
uploaded files so you can keep people from turning your /incoming into
a warez site. Nothing you couldn't achieve by other means as well, but
it's something to keep in mind before starting to butcher it:-)

Olaf

--
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir () monad swb de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir () caldera de    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.
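
Added example, not part of the original message: the point above about a bound socket serving a single connect(), reproduced in C on loopback. The two listeners and the kernel-assigned source port are constructed stand-ins for FTP clients' PORT addresses and for port 20, so it runs unprivileged; all function names are hypothetical.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Loopback address; port is in network byte order, 0 lets the kernel pick. */
static struct sockaddr_in loopback(in_port_t port_be) {
    struct sockaddr_in a = {0};
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = port_be;
    return a;
}

/* Constructed stand-in for the listener a client announces with PORT. */
static int make_listener(in_port_t *port_be) {
    struct sockaddr_in a = loopback(0);
    socklen_t len = sizeof a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)&a, &len) < 0) { close(fd); return -1; }
    *port_be = a.sin_port;
    return fd;
}

/* Bind one data socket, connect it to client 1, then try it on client 2.
 * Returns errno of the 2nd connect() (EISCONN expected), 0 if reuse worked, -1 on setup failure. */
int second_connect_errno(void) {
    in_port_t p1 = 0, p2 = 0;
    int l1 = make_listener(&p1), l2 = make_listener(&p2), result = -1;
    int data = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in src = loopback(0); /* ftpd binds port 20 here, as root */
    struct sockaddr_in c1 = loopback(p1), c2 = loopback(p2);
    if (l1 >= 0 && l2 >= 0 && data >= 0 &&
        bind(data, (struct sockaddr *)&src, sizeof src) == 0 &&
        connect(data, (struct sockaddr *)&c1, sizeof c1) == 0)
        result = connect(data, (struct sockaddr *)&c2, sizeof c2) == 0 ? 0 : errno;
    close(data); close(l1); close(l2); /* close(-1) is a harmless EBADF */
    return result;
}

int main(void) {
    int e = second_connect_errno();
    printf("second connect() on the bound socket: errno %d\n", e);
    return e == EISCONN ? 0 : 1;
}
```

Each further data connection therefore needs a fresh socket and a fresh bind(), which for a local port below 1024 is the privileged step.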


