Vulnerability Development mailing list archives

Re: Ports 0-1023?


From: Michal Zalewski <lcamtuf () coredump cx>
Date: Thu, 4 Jul 2002 10:46:52 -0400 (EDT)

On Thu, 4 Jul 2002, Blue Boar wrote:

> Is there any point in needing to be root in order to allocate the low ports
> on unix-like systems, anymore?

As long as you keep the old privilege model, of course. You don't want
your users to bind port 25 when Sendmail goes down for a short while
(actually, you can induce it pretty easily in certain configurations).

> Could some sort of port ACL simply be used that says a particular UID
> can allocate a particular range of ports?

It would be desired for all Unix systems to have an extensive ACL system
enabled by default (not something like Linux capabilities), but I doubt
it'll happen any time soon.

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/
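
The per-UID port ACL asked about in the quoted question, sketched as an added example that is not part of the original post and not any real kernel interface. The `uid:lo-hi` rule format, the function names and the sample UIDs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PRIV_PORT_MAX 1023   /* ports 0-1023: the traditional root-only range */
#define MAX_RULES 16

struct port_rule { unsigned uid, lo, hi; };

/* Parse hypothetical ACL text: one "uid:lo-hi" rule per line, '#' starts a
 * comment line. Returns the rule count, or -1 on a malformed or out-of-range rule. */
int parse_acl(const char *text, struct port_rule *rules, int max)
{
    int n = 0;
    while (*text) {
        size_t len = strcspn(text, "\n");
        char line[64];
        if (len >= sizeof line) return -1;
        memcpy(line, text, len); line[len] = '\0';
        text += len + (text[len] == '\n');
        if (line[0] == '\0' || line[0] == '#') continue;
        struct port_rule r; char tail;
        if (sscanf(line, "%u:%u-%u%c", &r.uid, &r.lo, &r.hi, &tail) != 3) return -1;
        if (r.lo > r.hi || r.hi > PRIV_PORT_MAX || n == max) return -1;
        rules[n++] = r;
    }
    return n;
}

/* Default deny inside the privileged range: root keeps the classic behaviour,
 * every other uid needs an explicit rule covering the requested port. */
int may_bind(const struct port_rule *rules, int n, unsigned uid, unsigned port)
{
    if (port > 65535) return 0;
    if (port > PRIV_PORT_MAX || uid == 0) return 1;
    for (int i = 0; i < n; i++)
        if (rules[i].uid == uid && rules[i].lo <= port && port <= rules[i].hi)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample: uid 25 stands for a mail account, uid 33 for a web account. */
    const char *acl = "# constructed sample rules\n25:25-25\n33:80-80\n";
    struct port_rule rules[MAX_RULES];
    int n = parse_acl(acl, rules, MAX_RULES);
    printf("uid 25 -> port 25: %s\n", may_bind(rules, n, 25, 25) ? "allow" : "deny");
    printf("uid 1000 -> port 25: %s\n", may_bind(rules, n, 1000, 25) ? "allow" : "deny");
    return 0;
}
```

With these rules an ordinary local user (uid 1000 here) is still refused port 25 while the mail daemon is down, which is the property the reply wants preserved.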

