Date: Mon, 16 Nov 1998 13:22:47 -0800 (PST)
From: Marc Slemko <marcs@znep.com>
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Would this make FreeBSD more secure?
Message-ID: <Pine.BSF.4.05.9811161316100.12077-100000@alive.znep.com>
In-Reply-To: <199811161941.LAA21747@apollo.backplane.com>

On Mon, 16 Nov 1998, Matthew Dillon wrote:

> We define several capabilities right off the bat:
>
>     RCAPF_LOWPORT    allow binding to low ports

No. Again, read the archives. All this has been gone over and over. This makes things LESS secure in general. If programs have this ability, now they can't give it up. So suddenly all those simple programs that used to bind to the port and setuid() can't do that any more. Now if you compromise one program, you can compromise them all.

There are some advantages to adding this functionality and some things which it can help, but you need to be very careful or you end up in a bigger mess than you were before.

Your claim that the concept of secure ports is somewhat obsolete misses half the equation: one use of secure ports is to authenticate a source system. That was always a bad idea. The other use, however, which is still very valid, is to secure the server against untrusted users binding to the port. There are zillions of protocols where the client can't verify the server in any useful way. Requiring special privs. to bind to the port that the server runs as helps this out in a big way.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message