From 6c124a8422a416066fc7de11c36df4988b802efa Mon Sep 17 00:00:00 2001
From: Yaroslav Tykhiy
Date: Fri, 30 Jul 2004 16:57:42 +0000
Subject: [PATCH] Open a socket for a data transfer in active mode using euid of the current user, not root. This will allow neat things like matching anonymous FTP data traffic with a single ipfw(8) rule: ipfw add ... tcp from any to any uid ftp Note that the control connection socket still belongs to the user ftpd(8) was started from, usually root.
PR: bin/65928
Submitted by: Eugene Grosbein
MFC after: 1 month
---
 libexec/ftpd/ftpd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 1b1f45cba8b..8d44c7b8f45 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -1810,7 +1810,6 @@ getdatasock(char *mode)
 if (data >= 0)
 return (fdopen(data, mode));
- (void) seteuid((uid_t)0);
 s = socket(data_dest.su_family, SOCK_STREAM, 0);
 if (s < 0)
@@ -1820,6 +1819,7 @@ getdatasock(char *mode)
 /* anchor socket to avoid multi-homing problems */
 data_source = ctrl_addr;
 data_source.su_port = htons(dataport);
+ (void) seteuid((uid_t)0);
 for (tries = 1; ; tries++) {
 if (bind(s, (struct sockaddr *)&data_source, data_source.su_len) >= 0)
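Review bot: The relocated `(void) seteuid((uid_t)0);` just before `for (tries = 1; ; tries++)` still discards its result, so a failed escalation would surface only as an unexplained bind(2) failure inside the retry loop. Presumably root is needed there to bind the reserved `dataport`, so I would test the return value and send a failure down the function's existing error path, which lies outside this hunk. The ordering is now load-bearing for the packet-filter use case in the commit message, yet nothing in the code says so. A comment above `s = socket(...)` in the first hunk would keep a later cleanup from moving the call back, for example `/* create the socket with the user's euid so uid-based filter rules match; root is regained below only for bind(2) */`. The loop body and the point where the euid is dropped again are outside the hunk, so confirm that every exit after this line restores the user's euid.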