Re: Ports 0-1023?

From: Robert Bihlmeyer (robbeat_private)
Date: Mon Jul 08 2002 - 11:57:41 PDT


    Blue Boar <BlueBoarat_private> writes:
    
    > With the proposed change, sshd could only get root if someone with the
    > actual root password comes along and hands it to the sshd.
    
    Keep in mind that password is far from the only method to authenticate
    with sshd. IOW that involves much work, and the gain over a privsep'd
    sshd is not that great.
    
    imapd or similar could be better targets: since modern Unices support
    fd passing over process boundaries, it should be possible to build a
    portable daemon that, in exchange for a user's password, would return
    an O_RDWR file descriptor to that user's mail spool. This way imapd
    only needs root for bind() and can drop it immediately (or you run it
    from inetd and friends).
    
    -- 
    Robbe
    
    
    


