Bugtraq
mailing list archives
Re: ftpd: the advisory version
From: Valdis.Kletnieks () VT EDU (Valdis Kletnieks)
Date: Fri, 30 Jun 2000 17:25:09 -0400
On Thu, 29 Jun 2000 14:25:34 CDT, Mike Eldridge <diz () CAFES NET> said:
> It would seem to me that the way it should have been done was a bind to
> port 21 as root, then the control connection should drop root privileges
> by setuid() to the incoming user. FTP data transfers should be passive by
> default, binding to some unused random port above 1024.
Remember that FTP predates Unix. The port-1024 thing came along a LOT later
than FTP did. By the time the guys at Berkeley were doing their coding,
we were basically stuck with the 20/21. You might want to ask on the IETF
list if anybody remembers the reason it was done that way (quite possibly
a Multics or TOPS-20 issue ;)
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech