From owner-freebsd-security Wed Mar 26 08:37:14 1997
Return-Path:
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id IAA21821
          for security-outgoing; Wed, 26 Mar 1997 08:37:14 -0800 (PST)
Received: from homeport.org (lighthouse.homeport.org [205.136.65.198])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA21806
          for ; Wed, 26 Mar 1997 08:37:06 -0800 (PST)
Received: (adam@localhost) by homeport.org (8.8.5/8.6.9) id LAA15307;
          Wed, 26 Mar 1997 11:31:57 -0500 (EST)
From: Adam Shostack
Message-Id: <199703261631.LAA15307@homeport.org>
Subject: Re: Privileged ports...
In-Reply-To: <199703261441.GAA12899@root.com> from David Greenman at "Mar 26, 97 06:41:11 am"
To: dg@root.com
Date: Wed, 26 Mar 1997 11:31:57 -0500 (EST)
Cc: adrian@obiwan.aceonline.com.au, tqbf@enteract.com, freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL27 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

What if you allow anyone to bind to any port, and at the same time,
make inetd.conf much longer, so that there's a line of the form

    noservice-513 stream tcp nowait nobody /usr/sbin/close close

for each low numbered port?

It seems that (modulo configuration being a little painful) this
offers the best of both worlds--control over low numbered ports, but
anyone can bind to a port with root's permission. That permission is
given in a config file for a program, not hard coded into the kernel.

(It might also be possible to extend the inetd config language so that
it recognized a noservice- token to mean bind to that port, and don't
let anything else use it.)

This has the nice(?) side effect of messing up a lot of simple minded
security scanners (like strobe).

Adam

David Greenman wrote:
| >The only problem here is that it kinda defeats the whole purpose of prived
| >ports in the first place. I guess the whole thing here is to write small
| >programs that do the necessary SUID bit, then drop back down into
| >nonrootland to continue.
| >
| >David (and anyone else interested) - I'd be very interested in hearing
| >what security holes would be introduced by having a UID (or GID) to bind
| >to priv'ed ports.
|
| None that I can think of if I understand you correctly. The thing you
| want to prevent is regular users being able to bind to a privileged port.
| It would take an average cracker less than 5 minutes to whip up a couple
| of really nasty programs (such as one that pretends to be rlogin - claiming
| to be some other user). As long as you retain control over who/what can
| bind to the privileged ports, I don't see any problem.

--
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume
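
The placeholder scheme proposed in the message above, worked through as an added example that is not part of the original thread: it emits one `noservice-N` line for every TCP port below 1024 that the existing inetd.conf does not already serve. The entry format and `/usr/sbin/close` are taken from the message; the sample services and inetd.conf text and all function names are constructed for illustration.

```python
# Added example, not code from the thread. Entry format and /usr/sbin/close
# come from the message; sample inputs and function names are assumptions.
PLACEHOLDER = "noservice-{port}\tstream\ttcp\tnowait\tnobody\t/usr/sbin/close\tclose"

SAMPLE_SERVICES = """\
ftp      21/tcp
telnet   23/tcp
smtp     25/tcp   mail
login    513/tcp
who      513/udp  whod
shell    514/tcp  cmd
"""

SAMPLE_INETD = """\
# constructed inetd.conf fragment
ftp     stream  tcp  nowait  root  /usr/libexec/ftpd     ftpd -l
telnet  stream  tcp  nowait  root  /usr/libexec/telnetd  telnetd
#login  stream  tcp  nowait  root  /usr/libexec/rlogind  rlogind
"""

def tcp_service_ports(services_text):
    """Map every TCP service name and alias to its port number."""
    ports = {}
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or not fields[1].endswith("/tcp"):
            continue
        port = int(fields[1].split("/")[0])
        for name in [fields[0]] + fields[2:]:
            ports[name] = port
    return ports

def claimed_tcp_ports(inetd_text, ports):
    """Ports that active (uncommented) tcp inetd entries already hold."""
    claimed = set()
    for line in inetd_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[2].startswith("tcp") and fields[0] in ports:
            claimed.add(ports[fields[0]])
    return claimed

def placeholder_entries(inetd_text, services_text, low=1, high=1023):
    """One placeholder line per low-numbered TCP port inetd does not serve."""
    claimed = claimed_tcp_ports(inetd_text, tcp_service_ports(services_text))
    return [PLACEHOLDER.format(port=p) for p in range(low, high + 1) if p not in claimed]

if __name__ == "__main__":
    print("\n".join(placeholder_entries(SAMPLE_INETD, SAMPLE_SERVICES)))
```

Ports held by daemons started outside inetd are not visible to this generator and would have to be excluded by hand, since only one of the two binds can succeed. Where inetd resolves the first field through /etc/services, each `noservice-N` name also needs a matching services entry, unless inetd is extended as the message suggests.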