From c4af17134ad4fe73cd89c72f7c4a99a0b3555ed1 Mon Sep 17 00:00:00 2001
From: Xin LI
Date: Fri, 2 Dec 2011 10:35:29 -0800
Subject: [PATCH 1/4] ftpd(8): Drop privileges before executing anything.

---
libexec/ftpd/popen.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/libexec/ftpd/popen.c b/libexec/ftpd/popen.c
index 8a739dc..9f80507 100644
--- a/libexec/ftpd/popen.c
+++ b/libexec/ftpd/popen.c
@@ -143,6 +143,9 @@ ftpd_popen(char *program, char *type)
 }
 (void)close(pdes[1]);
 }
+ /* Drop privileges before proceeding */
+ if (getuid() != geteuid() && setuid(geteuid()) < 0)
+ _exit(1);
 if (strcmp(gargv[0], _PATH_LS) == 0) {
 /* Reset getopt for ls_main() */
 optreset = optind = optopt = 1;
--
1.7.7.2
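Review bot: The added check in ftpd_popen() drops only the user ID and leaves the real and saved group IDs untouched. If the daemon switched groups with setegid() the same way it switched users (not visible in this hunk), code run after this point could still return to the original group. Consider a matching group drop placed ahead of the setuid() call, `if (getgid() != getegid() && setgid(getegid()) < 0) _exit(1);`. The drop also relies on setuid() resetting the real and saved UIDs when called with a non-root effective UID, which is platform-specific, so a follow-up `if (getuid() != geteuid()) _exit(1);` and a comment naming the IDs the process is expected to hold here would make that assumption explicit. ftpd_popen()'s body starts and ends outside the hunk.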