Date: 23 Jun 1999 10:19:18 +0200
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
To: Andrew McNaughton <andrew@scoop.co.nz>
Cc: Dag-Erling Smorgrav <des@flood.ping.uio.no>, Michael Richards <026809r@dragon.acadiau.ca>, freebsd-security@FreeBSD.ORG
Subject: Re: Allowing non root users to bind low ports
Message-ID: <xzpu2rzjpmh.fsf@flood.ping.uio.no>
In-Reply-To: Andrew McNaughton's message of "Wed, 23 Jun 1999 05:58:36 +1200"
References: <199906221758.FAA07268@aniwa.sky>

Andrew McNaughton <andrew@scoop.co.nz> writes:
> > Michael Richards <026809r@dragon.acadiau.ca> writes:
> > > I was giving this concept a little thought. If I'm not root and I can bind
> > > a low port, let's say the telnet port. I could write myself a fake telnet
> > > daemon and run it. Sooner or later, someone is going to try using it...
> > > This whole thing about non-root users binding to low ports would only be
> > > useful if there are no shell accounts on a machine IMO.
> > Well, duh. That's why we want to turn this off before going multiuser
> > (but after starting stuff like sendmail etc.)
> That approach is of limited use unless you're prepared to reboot your machine
> every time you want to change your sendmail configuration.
>
> Sounds too much like Windows for my liking. Nothing short of reconfiguring
> the kernel or a make world should require a reboot.

Gee, man, ever heard of the security/usability tradeoff? Of course you
wouldn't do that on a box unless you were sure it was already
configured properly. Please try to understand what the discussion is
about before butting in.

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message