Re: Ports 0-1023?

From: Michal Zalewski (lcamtufat_private)
Date: Thu Jul 04 2002 - 07:46:52 PDT

    On Thu, 4 Jul 2002, Blue Boar wrote:
    
    > Is there any point in needing to be root in order to allocate the low ports
    > on unix-like systems, anymore?
    
    As long as you keep the old privilege model, of course. You don't want
    your users to bind port 25 when Sendmail goes down for a short while
    (actually, you can induce it pretty easily in certain configurations).
    
    > Could some sort of port ACL simply be used that says a particular UID
    > can allocate a particular range of ports?
    
    It would be desired for all Unix systems to have an extensive ACL system
    enabled by default (not something like Linux capabilities), but I doubt
    it'll happen any time soon.
    
    -- 
    _____________________________________________________
    Michal Zalewski [lcamtufat_private] [security]
    [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
    =-=> Did you know that clones never use mirrors? <=-=
              http://lcamtuf.coredump.cx/photo/
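
An added illustration of the per-UID port ACL idea discussed in this thread (not part of the original message and not written by either poster): since the kernel enforces no such table, this audits listeners on ports 0-1023 after the fact against a hypothetical ACL. It assumes Linux's /proc/net/tcp layout (IPv4 only); PORT_ACL, the UIDs and the SAMPLE lines are constructed.

```python
PRIVILEGED_MAX = 1023
TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Hypothetical ACL (constructed): UID -> inclusive port ranges it may bind.
PORT_ACL = {
    0: [(0, 1023)],             # root keeps the whole low range
    25: [(25, 25)],             # constructed mail-daemon UID
    33: [(80, 80), (443, 443)], # constructed web-server UID
}

# Constructed sample in /proc/net/tcp format. The mail daemon is down and
# UID 1000 has taken port 25; the last line is an established connection.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10001
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 10002
   2: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 10003
   3: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 10004
   4: 0100007F:01BB 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 10005
"""


def low_port_listeners(text):
    """Yield (port, uid) for each LISTEN socket on ports 0-1023."""
    for line in text.splitlines()[1:]:      # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != TCP_LISTEN:
            continue                        # malformed or not listening
        port = int(f[1].rsplit(":", 1)[1], 16)  # local port is hex
        if port <= PRIVILEGED_MAX:
            yield port, int(f[7])           # column 7 is the owning UID


def allowed(uid, port, acl=PORT_ACL):
    """True if the ACL grants this UID the port; unknown UIDs get nothing."""
    return any(lo <= port <= hi for lo, hi in acl.get(uid, ()))


def violations(text, acl=PORT_ACL):
    """Low-port listeners whose owning UID is not covered by the ACL."""
    return [(p, u) for p, u in low_port_listeners(text) if not allowed(u, p, acl)]


if __name__ == "__main__":
    for port, uid in violations(SAMPLE):
        print(f"port {port} is held by uid {uid}, which the ACL does not allow")
```

To audit a live Linux host, pass the contents of /proc/net/tcp instead of SAMPLE.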
    


