Vulnerability Development mailing list archives

Re: Ports 0-1023?


From: David Schwartz <davids () webmaster com>
Date: Thu, 4 Jul 2002 08:55:03 -0700


On Thu, 04 Jul 2002 00:05:16 -0700, Blue Boar wrote:
Is there any point in needing to be root in order to allocate the low ports
on unix-like systems, anymore?  Could we get away from having to have some
daemons even have a root stub in order to listen on a low port?  What would
break, and what new holes would be created?  Could some sort of port ACL
simply be used that says a particular UID can allocate a particular range
of ports?

Discuss.

        Imagine if inetd crashes or someone finds a way to crash it. They then set
up their own telnet daemon on port 23 and capture passwords. Not good.

        I'm safe, you say, because I don't use telnet, I only use secure login tools
like ssh. You're dreaming, I say, a trojaned ssh could do just as much damage
even though it can't acquire the password since it can do a chown/chmod+s.

        This sounds like a very bad idea to me.

        DS
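The reply's argument rests on the kernel refusing low-port binds to non-root processes: if that restriction were dropped, anything that happened to be running as an ordinary user could claim port 23 the moment inetd went away. The following check, added here as an example and not code from either poster, lets a defender confirm on a current host that the restriction is actually in force. It assumes a Linux system that exposes the boundary as the `net.ipv4.ip_unprivileged_port_start` sysctl (present since kernel 4.11; some container runtimes set it to 0, which silently removes the protection) and falls back to the classic 1024 boundary elsewhere; the port list and the `probe_bind`/`audit` helpers are constructed for this example.

```python
import errno
import os
import socket

# Classic Unix boundary: ports below this need uid 0 (the thread's 0-1023).
DEFAULT_PRIVILEGED_BOUND = 1024
# Linux knob (4.11+) that can move or remove that boundary; assumed path.
PROC_UNPRIV_START = "/proc/sys/net/ipv4/ip_unprivileged_port_start"


def unprivileged_port_start() -> int:
    """Return the first port an unprivileged process may bind on this host.

    Reads the Linux sysctl when present; anything else (non-Linux, unreadable
    /proc) is assumed to use the traditional 1024 boundary.
    """
    try:
        with open(PROC_UNPRIV_START) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return DEFAULT_PRIVILEGED_BOUND


def bind_needs_privilege(port: int, euid: int, unpriv_start: int) -> bool:
    """Pure policy model: does binding `port` require uid 0?

    CAP_NET_BIND_SERVICE also satisfies the kernel; this model only looks at
    the uid and the configured boundary.
    """
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return port < unpriv_start and euid != 0


def probe_bind(port: int, host: str = "127.0.0.1") -> dict:
    """Try to bind a TCP socket to `port` and classify what the kernel did.

    Outcomes: 'bound' (no restriction applied, or we are privileged),
    'permission-denied' (the low-port restriction is in force), 'in-use'
    (a real service already listens there, e.g. inetd/telnetd on 23),
    or 'other-error' (no loopback, etc.).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        outcome, err = "bound", 0
    except PermissionError as e:
        outcome, err = "permission-denied", e.errno
    except OSError as e:
        outcome = "in-use" if e.errno == errno.EADDRINUSE else "other-error"
        err = e.errno
    finally:
        s.close()
    euid = os.geteuid()
    return {
        "port": port,
        "outcome": outcome,
        "errno": err,
        "euid": euid,
        "policy_says_privileged": bind_needs_privilege(
            port, euid, unprivileged_port_start()
        ),
    }


def audit(ports=(23, 22, 8023)):
    """Compare the expected policy with what the kernel actually enforces."""
    results = [probe_bind(p) for p in ports]
    for r in results:
        note = ""
        if r["policy_says_privileged"] and r["outcome"] == "bound":
            note = "  <-- low port bound as non-root: capability granted?"
        if not r["policy_says_privileged"] and r["outcome"] == "permission-denied":
            note = "  <-- denied although policy allows: extra MAC/sandbox rule?"
        print(f"port {r['port']:5d}: {r['outcome']:17s} errno={r['errno']}{note}")
    return results


if __name__ == "__main__":
    print(f"euid={os.geteuid()} unprivileged_port_start={unprivileged_port_start()}")
    audit()
```

Run it once as an ordinary user and once as root: the unprivileged run should report `permission-denied` for 23 and 22 and `bound` for 8023. A `bound` result for port 23 as a non-root user means the boundary the thread takes for granted has been moved on that host, which is exactly the situation the reply warns about.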
