diff options
author | Bob Beck <beck@cvs.openbsd.org> | 2001-09-05 20:40:11 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2001-09-05 20:40:11 +0000 |
commit | ea0c01f32219d002d5c6247f1abc217f053be30e (patch) | |
tree | b4b1af9de1cec5057ce1520e983116ac74e88c78 /libexec/ftp-proxy/ftp-proxy.c | |
parent | 0421b692c03000b1269884e747ffa43b9f133d16 (diff) |
-Make ftp-proxy drop privs to user "proxy" by default.
*WARNING* this means that it will die when it can't find user proxy
if you are not running with a passwd database generated from current
- Speling cleanup and missing va_end() noticed by <d.doroshenko@omnitel.net>
- fix logging of getpwnam|getgrnam failures.
Diffstat (limited to 'libexec/ftp-proxy/ftp-proxy.c')
-rw-r--r-- | libexec/ftp-proxy/ftp-proxy.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/libexec/ftp-proxy/ftp-proxy.c b/libexec/ftp-proxy/ftp-proxy.c index 887d23403a6..d815cd9a4d9 100644 --- a/libexec/ftp-proxy/ftp-proxy.c +++ b/libexec/ftp-proxy/ftp-proxy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ftp-proxy.c,v 1.14 2001/08/28 19:57:29 beck Exp $ */ +/* $OpenBSD: ftp-proxy.c,v 1.15 2001/09/05 20:40:10 beck Exp $ */ /* * Copyright (c) 1996-2001 @@ -141,7 +141,8 @@ char ClientName[NI_MAXHOST]; char RealServerName[NI_MAXHOST]; char OurName[NI_MAXHOST]; -char *User, *Group; +char *User = "proxy"; +char *Group; extern int Debug_Level; extern int Use_Rdns; @@ -202,7 +203,7 @@ drop_privs() if (User != NULL) { pw = getpwnam(User); if (pw == NULL) { - syslog(LOG_ERR, "can't find user %s (%m)", User); + syslog(LOG_ERR, "can't find user %s", User); exit(EX_USAGE); } uid = pw->pw_uid; @@ -212,7 +213,7 @@ drop_privs() if (Group != NULL) { gr = getgrnam(User); if (gr == NULL) { - syslog(LOG_ERR, "can't find group %s (%m)", Group); + syslog(LOG_ERR, "can't find group %s", Group); exit(EX_USAGE); } gid = gr->gr_gid; @@ -731,7 +732,7 @@ out: /* * If we aren't in NAT mode, deal with EPSV. - * EPSV is a problem - Unliks PASV, the reply from the + * EPSV is a problem - Unlike PASV, the reply from the * server contains *only* a port, we can't modify the reply * to the client and get the client to connect to us without * resorting to using a dynamic rdr rule we have to add in |