On Thu, Jul 04, 2002 at 12:05:16AM -0700, Blue Boar wrote:
> Is there any point in needing to be root in order to allocate the low ports
> on unix-like systems, anymore?

It's a dangerous situation when unprivileged users are able to run fake daemons on ports where a root process or nothing should be running. Imagine a situation where on your server you run only sshd and some server such as an MTA or http server, but there's a possibility of starting a process (some _malicious_ process) on ports like 21/ftp, 23/telnet and getting the passwords of your users (you do not need to create a working ftp server, you just need to get passwords and drop a connection with some error message, it's about 50 lines of code). It's rather not a good idea to give such a possibility to all of your users.

> Could some sort of port ACL
> simply be used that says a particular UID can allocate a particular range
> of ports?

I don't know, but even if it isn't possible, it's not hard to code it.

--
[ Wojtek gminick Walczak ][ http://hacker.pl/gminick/ ]
[ gminick (at) hacker.pl ][ gminick (at) klub.chip.pl ]
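The port ACL idea raised in this message can also be checked from the defender's side. The following is an added example, not code from the post or its author: it audits listening TCP sockets in Linux /proc/net/tcp format against a per-UID table of allowed low-port ranges. The ACL contents, the UIDs and the sample socket table are constructed for illustration, and the example assumes a host where the root requirement for low ports has been relaxed.

```python
# Hypothetical ACL: UID -> list of (low, high) port ranges it may listen on.
PORT_ACL = {
    0: [(1, 1023)],               # root may listen on any low port
    33: [(80, 80), (443, 443)],   # constructed UID for an http server account
}

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 1002 1
   2: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003 1
   3: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1004 1
   4: 0A000005:0016 0A000009:C350 01 00000000:00000000 00:00000000 00000000     0        0 1005 1
"""

TCP_LISTEN = "0A"    # socket state code for LISTEN in /proc/net/tcp
LOW_PORT_MAX = 1023  # ports at or below this are the traditional "low" ports


def listeners(proc_net_tcp):
    """Yield (port, uid) for every socket in LISTEN state."""
    for line in proc_net_tcp.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue
        # local_address is HEXIP:HEXPORT; the owning UID is the eighth column.
        port = int(fields[1].rsplit(":", 1)[1], 16)
        yield port, int(fields[7])


def allowed(uid, port, acl=PORT_ACL):
    """True if the ACL grants this UID a range containing the port."""
    return any(lo <= port <= hi for lo, hi in acl.get(uid, []))


def violations(proc_net_tcp, acl=PORT_ACL):
    """Return sorted (port, uid) pairs listening on a low port outside the ACL."""
    return sorted(
        (port, uid)
        for port, uid in listeners(proc_net_tcp)
        if port <= LOW_PORT_MAX and not allowed(uid, port, acl)
    )


if __name__ == "__main__":
    for port, uid in violations(SAMPLE_PROC_NET_TCP):
        print(f"uid {uid} is listening on low port {port} outside its ACL")
```

On a live Linux host the same functions can be fed the contents of /proc/net/tcp instead of the constructed sample.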
This archive was generated by hypermail 2b30 : Thu Jul 04 2002 - 10:42:34 PDT