Open a socket for a data transfer in active mode using euid

of the current user, not root.  This will allow neat things
like matching anonymous FTP data traffic with a single ipfw(8)
rule:
	ipfw add ... tcp from any to any uid ftp

Note that the control connection socket still belongs to the
user ftpd(8) was started from, usually root.

PR:		bin/65928
Submitted by:	Eugene Grosbein <eugen at grosbein.pp.ru>
MFC after:	1 month
yar 2004-07-30 16:57:42 +00:00
parent 1be1b43db4
commit 9fb1cda8d0

@ -1810,7 +1810,6 @@ getdatasock(char *mode)
if (data >= 0)
return (fdopen(data, mode));
(void) seteuid((uid_t)0);
s = socket(data_dest.su_family, SOCK_STREAM, 0);
if (s < 0)
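Review bot: nothing at `s = socket(data_dest.su_family, SOCK_STREAM, 0);` records that the socket is deliberately created before euid is raised, which is the whole point of dropping `(void) seteuid((uid_t)0);` from this spot. A one-line comment above the socket() call saying that the socket must be opened under the user's euid so that it is owned by that user, not root, would keep a later cleanup from moving the privilege raise back up. It is also worth confirming that the path taken after `if (s < 0)` does not assume euid is already 0 when it runs.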
@ -1820,6 +1819,7 @@ getdatasock(char *mode)
/* anchor socket to avoid multi-homing problems */
data_source = ctrl_addr;
data_source.su_port = htons(dataport);
(void) seteuid((uid_t)0);
for (tries = 1; ; tries++) {
if (bind(s, (struct sockaddr *)&data_source,
data_source.su_len) >= 0)
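Review bot: the result of `(void) seteuid((uid_t)0);` just ahead of `for (tries = 1; ; tries++)` is thrown away, so a failed privilege raise would only surface as bind() failures inside the retry loop. Checking the return value and bailing out before the loop would make that case explicit instead of leaving it to the retries. Since the call now sits directly in front of the bind(), a short comment saying that root is wanted here only for the bind() on `data_source` would document why the raise happens at this point and not earlier.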