If your firewall can do port forwarding then you can easily do this yourself for most services. Just have the firewall forward port 25 to say 2025 and let sendmail run on 2025.

The down side is obviously that if somebody breaks non-root on your machine then he can steal your mail.

Is it worth it? Probably depends on the value of your mail. Up to you.

Amanda.

-----Original Message-----
From: Blue Boar [mailto:BlueBoarat_private]
Sent: Thursday, July 04, 2002 09:05
To: vuln-devat_private
Subject: Ports 0-1023?

Is there any point in needing to be root in order to allocate the low ports on unix-like systems, anymore? Could we get away from having to have some daemons even have a root stub in order to listen on a low port? What would break, and what new holes would be created?

Could some sort of port ACL simply be used that says a particular UID can allocate a particular range of ports?

Discuss.

BB
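
An added example, not part of either message: once port 25 is forwarded to an unprivileged port such as 2025, any local account can bind that port, so it is worth auditing which UID actually holds the listener. The sketch assumes the Linux `/proc/net/tcp` table layout; the sample rows and the mail UID of 25 are constructed for illustration.

```python
# Added example: audit which UID owns the listener on a forwarded-to port.
# Assumes the Linux /proc/net/tcp column layout; all sample rows are constructed.

SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:07E9 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 48211
   1: 0100007F:07E9 0100007F:C350 01 00000000:00000000 00:00000000 00000000    25        0 48300
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12001
"""

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp


def parse_listeners(table_text):
    """Yield (port, uid, inode) for every socket in LISTEN state."""
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue
        # local_address is HEXIP:HEXPORT; rsplit also suits /proc/net/tcp6
        port = int(fields[1].rsplit(":", 1)[1], 16)
        yield port, int(fields[7]), int(fields[9])


def audit_port(table_text, port, expected_uid):
    """Return findings for `port`: no listener, or a listener with the wrong owner."""
    owners = [(uid, inode) for p, uid, inode in parse_listeners(table_text)
              if p == port]
    if not owners:
        # An unbound high port is free for the first local user who asks for it.
        return [f"port {port}: no listener; any local user could bind it first"]
    return [
        f"port {port}: listener owned by uid {uid} (inode {inode}), "
        f"expected uid {expected_uid}"
        for uid, inode in owners
        if uid != expected_uid
    ]


if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead.
    for finding in audit_port(SAMPLE_PROC_NET_TCP, 2025, expected_uid=25):
        print(finding)
```

Run periodically, or before the mail daemon starts, a check like this flags the case Amanda describes, where a non-root account holds port 2025 in place of the mail service.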
This archive was generated by hypermail 2b30 : Thu Jul 04 2002 - 10:49:53 PDT