Date: Tue, 23 Apr 2002 23:10:48 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200204240310.g3O3Amd04898@khavrinen.lcs.mit.edu>
To: Mikko Tyolajarvi
Cc: security@FreeBSD.ORG
Subject: Re: segfault in ftpd
In-Reply-To: <200204240253.g3O2rrM33014@mikko.rsa.com>
References: <20020423225805.Q93786-100000@titanic.medinet.si> <200204240253.g3O2rrM33014@mikko.rsa.com>

< said:

> makes it such a security problem in the first place -- how often do
> you _really_ need to change user in the middle of an ftp session?
> It should just switch uid and be done with it, IMHO).

Unfortunately, the people who designed the FTP protocol did not
consider the notion of `privileged ports'. As a result, an
active-mode FTP connection is required to originate from , which means
that for every active-mode FTP operation, the FTP server must be able
to bind to a privileged port.

An implementation of capabilities would obviate this problem: ftp
could change its context entirely to that of the client, except
leaving the `can bind low ports' bit on, and still be able to
accomplish what it needs to do.

-GAWollman
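The capability approach described in the message above, as an added example that is not part of the original post and is not code from FreeBSD's ftpd: a sketch of a permanent switch to the logged-in user that keeps only the low-port bind right. It assumes Linux capabilities (CAP_NET_BIND_SERVICE) as one concrete implementation of the idea; the function names and uid/gid 1001 are hypothetical, and port 20 is the FTP data port from RFC 959.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <linux/capability.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Capability words with only CAP_NET_BIND_SERVICE permitted and effective. */
void bind_only_caps(struct __user_cap_data_struct d[2])
{
    memset(d, 0, 2 * sizeof d[0]);   /* nothing inheritable across exec */
    d[CAP_TO_INDEX(CAP_NET_BIND_SERVICE)].permitted = CAP_TO_MASK(CAP_NET_BIND_SERVICE);
    d[CAP_TO_INDEX(CAP_NET_BIND_SERVICE)].effective = CAP_TO_MASK(CAP_NET_BIND_SERVICE);
}

/* Switch to the logged-in user for good, keeping only the low-port bind right.
 * Must start as root. Returns 0 on success, -1 on the first failing step. */
int become_user_keep_bind(uid_t uid, gid_t gid)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    if (uid == 0) return -1;                          /* refuse to "drop" to root */
    bind_only_caps(d);
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L)) return -1; /* keep permitted set over setresuid */
    if (setgroups(1, &gid) || setresgid(gid, gid, gid)) return -1;
    if (setresuid(uid, uid, uid)) return -1;          /* clears the effective set */
    if (syscall(SYS_capset, &h, d)) return -1;        /* re-raise one bit, discard the rest */
    return setuid(0) == 0 ? -1 : 0;                   /* must no longer be able to return to root */
}

int main(void)
{
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(20) }; /* FTP data port */
    int s = socket(AF_INET, SOCK_STREAM, 0);

    if (become_user_keep_bind(1001, 1001)) {          /* 1001: constructed uid/gid */
        perror("become_user_keep_bind");
        return 1;
    }
    printf("uid %d bind to port 20: %s\n", (int)getuid(),
           bind(s, (struct sockaddr *)&a, sizeof a) == 0 ? "ok" : strerror(errno));
    return 0;
}
```

Run as root, the process ends up with the user's uid and gid, cannot regain uid 0, and can still bind ports below 1024; every other root privilege is gone.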