[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVS: cvs.openbsd.org: src
- To: source-changes_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
- Subject: CVS: cvs.openbsd.org: src
- From: Bob Beck <beck_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org>
- Date: Tue, 21 Aug 2001 23:28:16 -0600 (MDT)
- Reply-to: Bob Beck <beck_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org>
Module name: src
Changes by: beck_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org 2001/08/21 23:28:16
libexec/ftp-proxy: ftp-proxy.8 ftp-proxy.c
-Functionify some of the main loop, so it isn't so horrificly deep and is
a bit easier to look at, for small values of easier.
-Add two options for -u user and -g group to optionally make the proxy drop
privs after doing it's pf ioctl's to find out where to go. Running as non
root does mean that the PORT and EPRT backchannels do not come from port 20,
but this isn't a problem for most sensible ftp clients and sets of packet
filter rules that aren't written by a knuckle dragging ape living in the 90's.
I would make it drop privs by default, but technically this breaks the ftp
specs, and for the upcoming stuff to deal with EPRT, we will need root privs
to manipulate rdr rules).