On Thu, Jul 04, 2002 at 12:05:16AM -0700, Blue Boar wrote:
> Is there any point in needing to be root in order to allocate the
> low ports on unix-like systems, anymore?

This was discussed some time ago on a techat_private (~2 years ago), it
should be archived somewhere. IIRC:

1) This is the Unix way and we want to be compatible (bind port, drop
   root - easy)

2) The user which is able to bind low ports can bind a port when the
   service crashes or when it is being restarted by the administrator.
   So you still have to protect this special user/group (faked service
   or DoS is considered dangerous).

3) You still want to drop that special privilege after binding that
   port, because when the service is compromised, the attacker gains
   power to bind low ports, which means he is able to bind ports of
   other services (on crash/restart).
   (and remember - when you're not root, dropping privileges is
   "harder" or even not possible)

From a theoretical point of view - yes. Root is too powerful and
dangerous, some form of ACLs or capabilities would be better. (OR maybe
just some special group). But this way you get a system/service which is
not Unix compatible, so you must maintain 2 versions - one for your
system and one (insecure?) for the *nix.

Anyway, inetd (xinetd/tcpserver) is a standard solution for that problem
too.

-- 
Martin Mačok http://underground.cz/
martin.macokat_private http://Xtrmntr.org/ORBman/
This archive was generated by hypermail 2b30 : Thu Jul 04 2002 - 10:32:41 PDT