Date: Thu, 16 Aug 2001 09:09:11 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: Maxim Sobolev <sobomax@FreeBSD.org> Cc: cjclark@alum.mit.edu, Robert Watson <rwatson@FreeBSD.org>, David Malone <dwmalone@maths.tcd.ie>, Mikhail Teterin <mi@aldan.algebra.com>, alex@big.endian.de, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc inetd.conf Message-ID: <20010816090911.A4232@blossom.cjclark.org> In-Reply-To: <3B7B896F.F0F8F244@FreeBSD.org>; from sobomax@FreeBSD.org on Thu, Aug 16, 2001 at 11:50:55AM %2B0300 References: <20010815123315.A35365@walton.maths.tcd.ie> <Pine.NEB.3.96L.1010815125441.81642C-100000@fledge.watson.org> <20010816000823.H330@blossom.cjclark.org> <3B7B896F.F0F8F244@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 16, 2001 at 11:50:55AM +0300, Maxim Sobolev wrote: [snip] > There is another problem with unprivileging ports below < 1024 - the local user > potentialy may DOS service by binding to the same port when the service restarts > (for example sysadmin restarts it by -HUP signal). I guess it should be relatively > easy to write an exploit that constantly monitors whether specified port is binded > or not and immediately binds to it once the port for some reason is free. I hear this argument frequently, but it does not really hold water. There are a lot of standard services that live above 1023, some extremely sensitive, take NFS for example or how about nearly all other RPC services. I have never heard of malicious local users trying to DoS these services in such a manner. It is easy enough for an adninistrator to fix the problem (kill the daemon watching for the port to open, kill the listening process, lock the account of the offending user). Windows systems have no concept of privileged ports and I have never seen this type of exploit against a NT or 2k server. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010816090911.A4232>