Date: 21 Jun 1999 14:55:04 +0200 From: Dag-Erling Smorgrav <des@flood.ping.uio.no> To: Michael Richards <026809r@dragon.acadiau.ca> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Allowing non root users to bind low ports Message-ID: <xzpemj590if.fsf@flood.ping.uio.no> In-Reply-To: Michael Richards's message of "Sun, 20 Jun 1999 12:45:40 -0300 (ADT)" References: <Pine.GSO.4.05.9906201243140.13617-100000@dragon>
next in thread | previous in thread | raw e-mail | index | archive | help
Michael Richards <026809r@dragon.acadiau.ca> writes: > I was giving this concept a little thought. If I'm not root and I can bind > a low port, let's say the telnet port. I could write myself a fake telnet > daemon and run it. Sooner or later, someone is going to try using it... > This whole thing about non-root users binding to low ports would only be > useful if there are no shell accounts on a machine IMO. Well, duh. That's why we want to turn this off before going multiuser (but after starting stuff like sendmail etc.) Of course, a better solution would be ACLs. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpemj590if.fsf>