RE: Ports 0-1023?

From: Amanda Jones (amandaat_private)
Date: Thu Jul 04 2002 - 01:19:29 PDT


    If your firewall can do port forwarding then you can easily do this
    yourself for most services. Just have the firewall forward port 25 to,
    say, 2025 and let sendmail run on 2025.
    
    The downside is obviously that if somebody breaks non-root on your
    machine then he can steal your mail. Is it worth it? Probably depends on
    the value of your mail. Up to you.
    
    Amanda.
    
    -----Original Message-----
    From: Blue Boar [mailto:BlueBoarat_private] 
    Sent: Thursday, July 04, 2002 09:05
    To: vuln-devat_private
    Subject: Ports 0-1023?
    
    
    Is there any point in needing to be root in order to allocate the low
    ports on unix-like systems, anymore?  Could we get away from having to
    have some daemons even have a root stub in order to listen on a low
    port?  What would break, and what new holes would be created?  Could
    some sort of port ACL simply be used that says a particular UID can
    allocate a particular range of ports?
    
    Discuss.
    
    							BB
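
A check an administrator could run for the forwarded-port setup described in the reply above, added here as an example and not part of the original thread: it parses a Linux `/proc/net/tcp` table and reports whether the listener on the high port belongs to the expected mail UID. The port 2025 comes from the message; UID 209, the function names and the sample table are assumptions constructed for illustration.

```python
# Added example: audit which UID owns the listener on the forwarded high port.
# Ports above 1023 can be bound by any local user, so the owner is worth checking.

LISTEN = "0A"  # state code for TCP_LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host).
# 07E9 hex = 2025, 0CEA hex = 3306; UID 209 is a hypothetical mail account.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:07E9 00000000:0000 0A 00000000:00000000 00:00000000 00000000   209        0 15001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 15002 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:07E9 0A000014:C350 01 00000000:00000000 00:00000000 00000000   209        0 15003 1 0000000000000000 20 4 30 10 -1
"""


def listeners(table):
    """Yield (port, uid) for every socket in LISTEN state."""
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN:
            continue                             # malformed or not listening
        port = int(fields[1].rsplit(":", 1)[1], 16)
        yield port, int(fields[7])               # column 7 is the owning UID


def audit_port(table, port, expected_uid):
    """Return 'ok', 'missing' or 'unexpected-owner' for the given port."""
    owners = sorted({uid for p, uid in listeners(table) if p == port})
    if not owners:
        # Nothing is listening, so the port is free for any local user to bind.
        return "missing"
    if owners != [expected_uid]:
        return "unexpected-owner"
    return "ok"


if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    print("port 2025:", audit_port(SAMPLE, 2025, expected_uid=209))
```

A "missing" result matters as much as "unexpected-owner": while the daemon is down, the forwarded port is unclaimed.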
    



    This archive was generated by hypermail 2b30 : Thu Jul 04 2002 - 10:49:53 PDT