[15602] in bugtraq
Re: ftpd: the advisory version
daemon@ATHENA.MIT.EDU (Valdis Kletnieks)
Sun Jul 2 15:39:01 2000
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_-1168657824P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Message-Id: <200006302125.e5ULP9P30074@black-ice.cc.vt.edu>
Date: Fri, 30 Jun 2000 17:25:09 -0400
Reply-To: Valdis.Kletnieks@VT.EDU
From: Valdis Kletnieks <Valdis.Kletnieks@VT.EDU>
X-To: Mike Eldridge <diz@CAFES.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Thu, 29 Jun 2000 14:25:34 CDT."
<Pine.LNX.4.10.10006291349470.14791-100000@mail.cafes.net>
--==_Exmh_-1168657824P
Content-Type: text/plain; charset=us-ascii
On Thu, 29 Jun 2000 14:25:34 CDT, Mike Eldridge <diz@CAFES.NET> said:
> It would seem to me that the way it should have been done was a bind to
> port 21 as root, then the control connection should drop root privileges
> by setuid() to the incoming user. FTP data transfers should be passive by
> default, binding to some unused random port above 1024.
Remember that FTP predates Unix. The port-1024 thing came along a LOT later
than FTP did. By the time the guys at Berkeley were doing their coding,
we were basically stuck with the 20/21. You might want to ask on the IETF
list if anybody remembers the reason it was done that way (quite possibly
a Multics or TOPS-20 issue ;)
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
--==_Exmh_-1168657824P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2
Comment: Exmh version 2.2 06/16/2000
iQA/AwUBOV0QNHAt5Vm009ewEQK0+wCcCRKD4oXo6+sLcJs5J9DIqNfisMYAnAmv
M7rhV++K3145122rroIXLiyC
=P+yS
-----END PGP SIGNATURE-----
--==_Exmh_-1168657824P--
