You have stated correctly, that a process has to be root to open a low port (<1024). But modern and secure servers are only starting as root, opening the port and then dropping privileges. So a possible successful cracker finds himself being a small little user with no or nearly no rights on the system.
I e-mailed the programmer of my Java based FTP software and here is a summary of his reply to me: "If you were to set CrushFTP to launch during startup by a process owned by root...then you would be fine. Or, if you had another application owned by root that could kick off CrushFTP (like maybe Cron or something) it also wouldn't be an issue. However, the java code cannot do this itself." So can someone help me with this? How exactly would I get CrushFTP to launch by a process 'owned by root' or have something owned by root start it for me? - Eric One last question ... I know this is a KDE forum, but if I switched to Gnome would I be able to accomplish the same thing?