Hi, did you ever think about the consequences if someone is able to set up a fake sshd or telnet daemon? Do I hear "sniffing" from uid(nobody) gained through new apache vuln?! (just for example, of course). Attackers would find a way to kill a process local/remote and set up their own progs. No need to change the tradition.

> Is there any point in needing to be root in order to allocate the low ports
> on unix-like systems, anymore? Could we get away from having to have some
> daemons even have a root stub in order to listen on a low port? What would
> break, and what new holes would be created? Could some sort of port ACL
> simply be used that says a particular UID can allocate a particular range
> of ports?
>
> Discuss.
>
> BB

--
Mark Ruth
Unix Systems Administrator
New York, ksh-2at_private
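
Added example, not part of the original message or thread: one way a defender could check for the situation described above, a non-root UID listening on a well-known port. It compares listeners in /proc/net/tcp layout against a table of expected owners per low port, in the spirit of the port ACL the quoted question proposes. The PORT_ACL table, the function names and the sample rows are assumptions constructed for illustration.

```python
# Added example: audit low-port TCP listeners against an expected-owner table.
LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Hypothetical port ACL: low port -> UID expected to own the listening socket.
PORT_ACL = {22: 0, 23: 0, 80: 0}

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000 65534        0 22222
   2: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333
   3: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 44444
   4: 0100007F:0050 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 55555
"""


def parse_listeners(text):
    """Yield (port, uid) for every socket in LISTEN state."""
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN:
            continue
        port = int(fields[1].rsplit(":", 1)[1], 16)  # local_address is HEXIP:HEXPORT
        yield port, int(fields[7])                   # column 7 is the socket owner UID


def audit(text, acl=PORT_ACL, low=1024):
    """Return (port, uid, reason) for low-port listeners that violate the ACL."""
    findings = []
    for port, uid in parse_listeners(text):
        if port >= low:
            continue                             # only well-known ports are audited
        if port not in acl:
            findings.append((port, uid, "no ACL entry"))
        elif acl[port] != uid:
            findings.append((port, uid, "unexpected owner"))
    return findings


if __name__ == "__main__":
    for port, uid, reason in audit(SAMPLE):
        print(f"port {port} uid {uid}: {reason}")
```

On a Linux host the same functions can be fed the contents of /proc/net/tcp and /proc/net/tcp6 instead of SAMPLE.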
This archive was generated by hypermail 2b30 : Thu Jul 04 2002 - 10:35:14 PDT