Bugtraq mailing list archives

Re: Is starting a user program on priv port via inetd dangerous ?


From: jmc () gnu ai mit edu (jmc () gnu ai mit edu)
Date: Fri, 22 Jul 1994 14:19:45 -0400 (EDT)



Your average BSD rlogind will check the port the connection comes from, so
I assume they all do when they come from your trusty vendor, to make sure
it is within the range 512 to 1024, or more precisely, the upper half of
whatever it believes is the range for privileged ports to be (there's a
kernel variable on Solaris2 for this...I'm curious about what happens when
this becomes 0 :-)

So straight away, this puts 194 out of the market.

What if it were 594 ?


And then there's the case of tcp/ip implementations that come with no
such meaning, i.e. I can bind any port I want on those. IBM's tcp/ip
for VM does this, most PCs do this, etc. The problem with VM's is
that unlike the PC generally, it comes with a complete bsdish
networking library. So, it's relatively easy to spoof sockets from
these then, i.e. don't put mainframes in your .rhosts :-) (I have
seen people do this).

James
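
The source-port test discussed in this message, written out as an added example for a service started from inetd; it is not part of the original post and not taken from any vendor's rlogind. The function names are assumptions made for illustration, and the range comes from `IPPORT_RESERVED` in `<netinet/in.h>`.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* The range check described in the post: accept only the upper half of the
 * reserved range, i.e. 512..1023 when IPPORT_RESERVED is 1024. */
int port_in_rlogind_range(int port)
{
    return port >= IPPORT_RESERVED / 2 && port < IPPORT_RESERVED;
}

/* Peer's source port (host byte order) for a connected socket, or -1 if the
 * peer is not an IPv4/IPv6 endpoint or getpeername() fails. */
int peer_source_port(int fd)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss;

    if (getpeername(fd, (struct sockaddr *)&ss, &len) != 0)
        return -1;
    if (ss.ss_family == AF_INET)
        return ntohs(((struct sockaddr_in *)&ss)->sin_port);
    if (ss.ss_family == AF_INET6)
        return ntohs(((struct sockaddr_in6 *)&ss)->sin6_port);
    return -1;
}

/* 1 if the peer's port passes the range check, 0 otherwise. A pass only means
 * the remote kernel let the client bind that port; on stacks with no
 * privileged-port concept it says nothing about who the client is. */
int peer_port_acceptable(int fd)
{
    int port = peer_source_port(fd);
    return port >= 0 && port_in_rlogind_range(port);
}

/* Started from inetd, the connection is on descriptor 0. */
int main(void)
{
    if (!peer_port_acceptable(STDIN_FILENO)) {
        fputs("Permission denied.\n", stderr);
        return 1;
    }
    puts("source port is in the reserved upper half");
    return 0;
}
```

With this check a connection from port 194 is refused and one from port 594 is accepted, which is why the range test alone does not help against hosts where any user can bind any port.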


