# Root does make it worse, of course; along those lines, it's worth noting
# that ftpd doesn't -- and can't -- give up its root privileges entirely.
# It keeps them so that it can bind to port 20 for each data channel
# creation. And yes, that code makes me extremely nervous. A better
# interface is needed to permit safer ftpd operation while still adhering
# to that part of the protocol spec.
# In fact, I've toyed with the idea of removing from our gateway machine
# the root-only restriction on creation of low-numbered ports. That
# restriction is used to enable rsh and friends to work. But no one
# trusts our gateway machine (as far as we know...); by changing the
# kernel, we can actually enhance the overall security of the system.
Now there's an interesting thought... If I were doing that, I'd make
it so that clients that don't ask for a specific port number (i.e.,
they ask for a port, and any old port will do) still get a port number
>1024. This is so that all the packet filtering rules that concern
themselves with ">1024" and "<1024" to distinguish servers from
clients will still work.
Brent Chapman                    Great Circle Associates
COM                              1057 West Dana Street
+1 415 962 0841                  Mountain View, CA 94041
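An added example, not code from Brent's post or from any ftpd: a small C program that models the ">1024 / <1024" server-versus-client heuristic the reply relies on, then binds real loopback sockets to show that an unprivileged bind to port 20 fails with EACCES (the reason ftpd keeps root) while a port-0 request still lands above 1024. The port numbers 40000 and 513 are constructed for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define PRIV_PORT_LIMIT 1024 /* classic Unix: ports below this are root-only to bind */

/* Which end the ">1024/<1024" filter rules treat as the server:
 * 0 = source, 1 = destination, -1 = ambiguous (both low or both high),
 * the case that would break those rules. */
int server_end(int src_port, int dst_port) {
    int src_low = src_port < PRIV_PORT_LIMIT, dst_low = dst_port < PRIV_PORT_LIMIT;
    if (src_low == dst_low) return -1;
    return src_low ? 0 : 1;
}

/* Bind a loopback TCP socket to `port` (0 = "any old port will do").
 * Returns 0 and stores the kernel-chosen port in *assigned, or the errno
 * (EACCES when an unprivileged process asks for a port below 1024, which is
 * why ftpd keeps root for its port-20 data channels). */
int bind_loopback(int port, int *assigned) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return errno;
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons((unsigned short)port) };
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    socklen_t len = sizeof sa;
    int rc = 0;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        rc = errno;
    else
        *assigned = ntohs(sa.sin_port);
    close(fd);
    return rc;
}

int main(void) {
    int p = 0, rc;
    /* constructed: FTP control is client 40000 -> server 21, FTP data is server 20 -> client 40000 */
    printf("control: server end = %d\n", server_end(40000, 21)); /* 1 */
    printf("data:    server end = %d\n", server_end(20, 40000)); /* 0 */
    printf("client on 513: %d\n", server_end(513, 21));          /* -1: rules break */
    rc = bind_loopback(20, &p);
    printf("bind port 20: %s\n", rc ? strerror(rc) : "ok (running as root?)");
    rc = bind_loopback(0, &p);
    printf("bind port 0: %s, got port %d\n", rc ? strerror(rc) : "ok", p);
    return 0;
}
```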