bt: > You have to run as root to setuid to the user, to open the log files, > and to chroot (for anon) to the ftp dir.. of course after login, root > privs are not really needed. They are needed to create ftp-data sockets (privileged port number). That's why ftpd runs (most of the time) with the effective uid of the user who is logged in, but real uid 0 (so that it can get root privs for a while, to create a socket). But no external program (like ls, gzip, tar, ...) needs to run as root - there should be something like setgid(getegid()); setuid(geteuid()); between fork and exec in ftpd_popen. This would prevent the slackware hole from giving root access. Comments? Marek Michalkiewicz