> > 80 is the convention for http, 443 for https (http over SSL/TLS).
> >
> > But your argument stands, neither service requires system
> > privileges to run
> > (apart from opening that initial port).
>
> It should be noted that part of this distinction is historic ... back when
> few people had machines, but many many people had accounts, there was in
> fact a tangible difference in trust between "a machine I don't know" and
> "a random user on a machine I don't know".
>
> Services like identd, which are now more or less useless, are based on this
> distinction: a certain amount of trust for the average sysadmin, and less
> trust of the average user.

A site web server fits this exactly, the site authorizes the web server, and
advertises it via a well known port (80). The same distinction applies to
port 443 (https). https on other ports are not well known or advertised, but
that doesn't prevent them from being used.

> Many things that don't need root privs run below 1024 for a similar reason:
> they are considered to be "machine wide" services, administered by root
> instead of just some user.
>
> Now, if only TCP supported something like: "somemachine.com:tim@80" then
> everyone could have their own web server ... :)

TCP doesn't, but web servers do:

"somemachine.com/tim" works just fine where the URL is forwarded to
"anymachine.com:someport". Can work if "/tim" is a forwarding CGI that
verifies that "tim" has a socket open...

TCP can't do that. TCP/IP has no concept of "user". IPSec (the RFC - not the
implementations) adds user information, but it is oriented to MAC support.

-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollardat_private

Any opinions expressed are solely my own.
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 07:57:24 PDT