Re: ftpd: the advisory version

On Thu, 29 Jun 2000 14:25:34 CDT, Mike Eldridge <diz_at_CAFES.NET> said:
> It would seem to me that the way it should have been done was a bind to
> port 21 as root, then the control connection should drop root privileges
> by setuid() to the incoming user. FTP data transfers should be passive by
> default, binding to some unused random port above 1024.

Remember that FTP predates Unix. The port-1024 thing came along a LOT later
than FTP did. By the time the guys at Berkeley were doing their coding,
we were basically stuck with the 20/21. You might want to ask on the IETF
list if anybody remembers the reason it was done that way (quite possibly
a Multics or TOPS-20 issue ;)

--
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech
<HR NOSHADE>
<UL>
<LI>application/pgp-signature attachment: stored
</UL>