Vulnerability Development mailing list archives
Re: Ports 0-1023?
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Thu, 4 Jul 2002 14:18:24 -0400 (EDT)
On Thu, 4 Jul 2002, alex wrote:
> The assumption was that if the system administrator ran it, then it must be trustworthy). This thinking harks back to an era when SysAdmins were a select breed, not just any punk with a Linux box. Nowadays it has been realised that trusting any other machine, even on your home network, is naive (because it could have been subverted).
No, it's not really like that. If you have a server, you expect that whatever is served on low ports (such as 80) is put there by the administrator / the owner of this machine, and not by any of 1000 other users that, say, pay them for mail accounts. Simple as that. Of course, the whole privilege system on a generic Unix is badly outdated and insufficient, but for as long as you have to live with it, this is the best you can get.
> So the extra risk run giving these daemons extra privilege is wasted, I think.
Many daemons would still have to keep root privileges. SSH, telnet, ftp, pop3, Sendmail and many more would most likely require root at some point. With many services, you could possibly force them to start with non-root privileges, but I bet you would most likely break some stuff and open new security problems (remember the Sendmail issue with setuid() failing on Linux with broken capabilities?). Many services just assume they succeeded with some things, since they should be running as root at this point. For some system calls, the semantics are different depending on uid; this may be dangerous too. I think it is easier to check whether a given service actually successfully dropped the privileges on your system.

--
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
http://lcamtuf.coredump.cx/photo/
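One way to perform the check the message ends on, as an added example that is not part of the original post: a Python function that reads the text of Linux's /proc/<pid>/status and reports any root UID or GID, group 0 membership, or retained capability. The daemon name `exampled`, UID 1001 and both sample status texts are constructed for illustration.

```python
"""Check from Linux /proc/<pid>/status text whether a daemon really dropped root."""
import sys

ID_KINDS = ("real", "effective", "saved", "filesystem")  # column order of Uid:/Gid:

# Constructed sample: daemon called seteuid() only, so real and saved UID stay 0.
SAMPLE_HALF_DROPPED = (
    "Name:\texampled\nUid:\t0\t1001\t0\t1001\nGid:\t1001\t1001\t1001\t1001\n"
    "Groups:\t1001\nCapPrm:\t000001ffffffffff\nCapEff:\t0000000000000000\n"
)
# Constructed sample: every identity switched and no capability kept.
SAMPLE_DROPPED = (
    "Name:\texampled\nUid:\t1001\t1001\t1001\t1001\nGid:\t1001\t1001\t1001\t1001\n"
    "Groups:\t1001\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"
)


def audit_status(status_text):
    """Return findings; an empty list means no root identity or capability is left."""
    fields = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    findings = []
    for key in ("Uid", "Gid"):
        ids = fields.get(key, [])
        if len(ids) != 4:
            findings.append(f"{key}: line missing or malformed")
            continue
        # A saved ID of 0 matters: the process can switch back to it at will.
        findings += [f"{key}: {kind} id is 0"
                     for kind, value in zip(ID_KINDS, ids) if value == "0"]
    if "0" in fields.get("Groups", []):
        findings.append("Groups: supplementary group 0 still present")
    for key in ("CapPrm", "CapEff"):
        caps = fields.get(key)
        if caps and int(caps[0], 16) != 0:
            findings.append(f"{key}: capabilities retained ({caps[0]})")
    return findings


if __name__ == "__main__":
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    with open(f"/proc/{pid}/status") as fh:
        for finding in audit_status(fh.read()) or ["no root identity or capability left"]:
            print(finding)
```

Run as a script with a PID argument, it audits that process; with no argument it audits itself.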