Re: Ports 0-1023?

From: Juan M. Courcoul (courcoulat_private)
Date: Thu Jul 04 2002 - 10:59:39 PDT


    Blue Boar wrote:
    
    > Is there any point in needing to be root in order to allocate the low 
    > ports on unix-like systems, anymore?  
    
    
    Like most things TCP/IP, the 1023 limit is a leftover from a carefree, 
    trustworthy and long-ago era. Security-wise and considering the current 
    state of hack technology, it is merely a minor nuisance; i.e., a non-issue.
    
    However, 99.99% of computer users, at all levels, are not devious social 
    miscreants hellbent on DoSsing Yahoo and the 1023 limit serves, IMHO, as 
    a warning bell preventing unwitting and unknowing users from trampling 
    over their vital services whose well-known-ports have been assigned 
    "below the line" for this reason. Implementation-wise, I think this is a 
    cheaper and easier way to accomplish that than with alternatives like 
    port ACLs or the like, which will be by their very nature over-the-top 
    for most newbies.
    
    Beware that the Linux revolution on one hand and Apple's MacOS X on the 
    other will be ushering in a whole new and hopefully abundant crowd of 
    inexperienced Unix users, many of whom have absolutely no interest or 
    desire in exploring the finer points of system administration; they just 
    "want to get the job done", even though they may screw up the rest of 
    the network in their blissful ignorance. And we all know that many if 
    not most default, out-of-the-box, system configurations are a security 
    nightmare and a hacker's paradise, and will remain so during the entire 
    lifecycle of the machine.
    
    J. Courcoul
    



    This archive was generated by hypermail 2b30 : Thu Jul 04 2002 - 11:24:36 PDT