Quoth Niels Möller:
> Now, you start the ftpd with something like
>
>   rmauth /real/ftpd </your/capabilities/server
>
> There may be some better way to create and inherit the port than to
> bind it to the stdin fd.

Would opening the port in the beginning of main() before doing something like rmauth(getpid()) count as a better way?

It seems to me, though, that the changes needed to make an already existing program use this could be quite intrusive?

In comparison, I have here a patch for ntpd that:

1. changes UID from root to ntp keeping all privileges
2. drops all privileges except the one for opening low ports and the one for setting system time.
3. runs the rest of the program perfectly, and completely unmodified.

(and I'm not even a half good C programmer ;)

With your proposed solution, I figure you would need to change all the places in the file that are doing something privileged from using their current function calls to sending commands through the pre-opened fd/port. (changes in glibc could beautify this _very_ much in the actual program, though.)

Oystein
--
Ebg13 arire tbrf bhg bs fglyr..
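
An added illustration of the three steps listed in the message above; it is not the ntpd patch the post refers to and not code from either participant. It assumes Linux capabilities (`prctl`, `capset`), which the post does not name, and the function names and the uid/gid value are hypothetical.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* The two privileges kept: bind ports below 1024 and set the system clock. */
static unsigned int keep_mask(void)
{
    return (1u << CAP_NET_BIND_SERVICE) | (1u << CAP_SYS_TIME);
}

/* Switch from root to uid/gid, keeping only keep_mask(). 0 on success, -1 on error. */
static int drop_to_user(uid_t uid, gid_t gid)
{
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[2];

    /* Step 1: change UID but keep the permitted capability set. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0)
        return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* Step 2: shrink permitted/effective to the two bits; inheritable stays empty. */
    memset(&hdr, 0, sizeof hdr);
    memset(data, 0, sizeof data);
    hdr.version = _LINUX_CAPABILITY_VERSION_3;
    data[0].permitted = keep_mask();
    data[0].effective = keep_mask();
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -1;
    prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
    /* Fail closed if root can still be regained. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* 123 is a constructed uid/gid for the ntp account; step 3 (the unmodified daemon) follows. */
    if (drop_to_user(123, 123) != 0) { perror("drop_to_user"); return 1; }
    puts("running with CAP_NET_BIND_SERVICE and CAP_SYS_TIME only");
    return 0;
}
```

The call has to happen while the process is still root; any failure returns -1 so the caller can exit instead of continuing with full privileges.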

