[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVS: cvs.openbsd.org: src



CVSROOT:	/cvs
Module name:	src
Changes by:	beck_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org	2001/08/21 23:28:16

Modified files:
	libexec/ftp-proxy: ftp-proxy.8 ftp-proxy.c 

Log message:
-Functionify some of the main loop, so it isn't so horrificly deep and is
a bit easier to look at, for small values of easier.

-Add two options for -u user and -g group to optionally make the proxy drop
privs after doing it's pf ioctl's to find out where to go. Running as non
root does mean that the PORT and EPRT backchannels do not come from port 20,
but this isn't a problem for most sensible ftp clients and sets of packet
filter rules that aren't written by a knuckle dragging ape living in the 90's.
I would make it drop privs by default, but technically this breaks the ftp
specs, and for the upcoming stuff to deal with EPRT, we will need root privs
to manipulate rdr rules).