On Thu, 04 Jul 2002 00:05:16 -0700, Blue Boar wrote:

>Is there any point in needing to be root in order to allocate the low ports
>on unix-like systems, anymore? Could we get away from having to have some
>daemons even have a root stub in order to listen on a low port? What would
>break, and what new holes would be created? Could some sort of port ACL
>simply be used that says a particular UID can allocate a particular range
>of ports?
>
>Discuss.

Imagine if inetd crashes or someone finds a way to crash it. They then set
up their own telnet daemon on port 23 and capture passwords. Not good.

I'm safe, you say, because I don't use telnet, I only use secure login tools
like ssh. You're dreaming, I say, a trojaned ssh could do just as much damage
even though it can't acquire the password since it can do a chown/chmod+s.

This sounds like a very bad idea to me.

DS
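
An audit-side view of the port ACL idea raised in the question, added here as an example and not part of the original thread: it parses a socket table in Linux's /proc/net/tcp format and reports every listener below port 1024 whose owning UID is not the one a per-UID ACL assigns to that port. The sample table, the UIDs and PORT_ACL are constructed assumptions for illustration.

```python
"""Audit low-port listeners against a per-UID port ACL (added example)."""

# Constructed sample in /proc/net/tcp layout (IPv4 only, trailing fields
# omitted); it is not taken from a real host.
SAMPLE_TABLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1002
   2: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003
   3: 0100007F:0050 0100007F:C350 01 00000000:00000000 00:00000000 00000000    33        0 1004
   4: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 1005
"""

# Hypothetical ACL in the shape the question proposes:
# (uid, first_port, last_port) means "this UID may listen on this range".
PORT_ACL = [(0, 22, 22), (33, 80, 80)]

LISTEN = "0A"          # TCP_LISTEN state code used in /proc/net/tcp
PRIVILEGED_MAX = 1023  # traditional boundary of the root-only ports


def low_port_listeners(table):
    """Return sorted (port, uid) pairs for LISTEN sockets on ports <= 1023."""
    found = []
    for line in table.splitlines()[1:]:      # skip the column header
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN:
            continue                         # not a listening socket
        port = int(fields[1].rsplit(":", 1)[1], 16)  # port is hex after ':'
        if port <= PRIVILEGED_MAX:
            found.append((port, int(fields[7])))     # field 7 is the owner UID
    return sorted(found)


def acl_violations(table, acl):
    """Return low-port listeners whose UID has no ACL entry covering the port."""
    def allowed(port, uid):
        return any(u == uid and lo <= port <= hi for u, lo, hi in acl)
    return [(p, u) for p, u in low_port_listeners(table) if not allowed(p, u)]


if __name__ == "__main__":
    for port, uid in acl_violations(SAMPLE_TABLE, PORT_ACL):
        print(f"unexpected listener: port {port} owned by uid {uid}")
```

On a live Linux host the same functions can be given the contents of /proc/net/tcp in place of the constructed table; IPv6 listeners live in /proc/net/tcp6 and are not covered here.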
This archive was generated by hypermail 2b30 : Thu Jul 04 2002 - 10:47:26 PDT