On Thu, 2002-07-04 at 03:05, Blue Boar wrote:
> Is there any point in needing to be root in order to allocate the low ports
> on unix-like systems, anymore? Could we get away from having to have some
> daemons even have a root stub in order to listen on a low port? What would
> break, and what new holes would be created? Could some sort of port ACL
> simply be used that says a particular UID can allocate a particular range
> of ports?
>
> Discuss.
>
> BB
>

I think rsh would break, along with everything else that makes access control decisions based on this feature.

Realistically, every OS has always had a local exploit for its entire history. Local access protections keep honest people honest, and do very little else. Why not just run every process as root and get rid of all the other pesky conventions?

The more you get into ACLs, the more you move to an NT-style "everything is complicated" permissions system. This increases complexity and demonstrably decreases overall security (how many services don't run as SYSTEM these days? Any?).

Dave Aitel
Immunity, Inc

Download BodyGuard, stop being owned: http://www.immunitysec.com/bodyguard.html
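As an added illustration (not part of the original message), this C model shows why source-port-based access control of the kind rsh relies on stops meaning anything once a port ACL exists. The `port_acl` structure, the function names, the UID and the port range are hypothetical; the 512..1023 window is modelled on the BSD r-services check.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

#define RESERVED 1024 /* ports below this need root to bind today */

/* Hypothetical ACL entry of the kind the question proposes. */
struct port_acl { uid_t uid; unsigned lo, hi; };

/* Today's rule: only UID 0 may bind a port below 1024. */
int classic_may_bind(uid_t uid, unsigned port) {
    return uid == 0 || port >= RESERVED;
}

/* Proposed rule: root, or a UID whose ACL entry covers the port. */
int acl_may_bind(const struct port_acl *acl, size_t n, uid_t uid, unsigned port) {
    if (classic_may_bind(uid, port)) return 1;
    for (size_t i = 0; i < n; i++)
        if (acl[i].uid == uid && port >= acl[i].lo && port <= acl[i].hi)
            return 1;
    return 0;
}

/* r-services style server check: source port 512..1023 is taken as proof
   that a root-run client sent the request. Only the port is visible. */
int peer_port_trusted(const struct sockaddr_in *peer) {
    unsigned p = ntohs(peer->sin_port);
    return p >= RESERVED / 2 && p < RESERVED;
}

/* 1 if a non-root UID can obtain a source port the server would trust.
   acl == NULL selects today's root-only rule. */
int trusts_non_root(const struct port_acl *acl, size_t n, uid_t uid, unsigned port) {
    struct sockaddr_in peer = { .sin_family = AF_INET };
    peer.sin_port = htons((unsigned short)port);
    int can_bind = acl ? acl_may_bind(acl, n, uid, port) : classic_may_bind(uid, port);
    return uid != 0 && can_bind && peer_port_trusted(&peer);
}

int main(void) {
    struct port_acl acl[] = { { 1001, 1000, 1023 } }; /* constructed sample */
    printf("root-only rule: %d\n", trusts_non_root(NULL, 0, 1001, 1000));
    printf("with port ACL:  %d\n", trusts_non_root(acl, 1, 1001, 1000));
    return 0;
}
```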
This archive was generated by hypermail 2b30 : Thu Jul 04 2002 - 11:21:12 PDT