Vulnerability Development mailing list archives
Re: Ports 0-1023?
From: Robert Bihlmeyer <robbe () orcus priv at>
Date: 08 Jul 2002 20:57:41 +0200
Blue Boar <BlueBoar () thievco com> writes:
> With the proposed change, sshd could only get root if someone with the actual root password comes along and hands it to the sshd.
Keep in mind that a password is far from the only method to authenticate with sshd. IOW that involves much work, and the gain over a privsep'd sshd is not that great.

imapd or similar could be better targets: since modern Unices support fd passing over process boundaries, it should be possible to build a portable daemon that, in exchange for a user's password, would return an O_RDWR file descriptor to that user's mail spool. This way imapd only needs root for bind() and can drop it immediately (or you run it from inetd and friends).

-- 
Robbe
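The exchange described in the message above, as an added example that is not part of the original post: a helper process opens the spool only when the offered password matches and passes the open O_RDWR descriptor back over a Unix-domain socket with SCM_RIGHTS. The names `send_fd`, `recv_fd` and `open_spool_via_helper` are hypothetical, the forked child stands in for a separate privileged daemon, and the `strcmp` against a known string stands in for real authentication.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
/* The union keeps the ancillary-data buffer aligned for struct cmsghdr. */
typedef union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } fdctl;

static int send_fd(int sock, int fd) {      /* helper side: pass fd via SCM_RIGHTS */
    char byte = 0;                          /* one data byte must accompany it */
    fdctl ctl = {0};
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

static int recv_fd(int sock) {              /* imapd side: passed fd, or -1 on refusal */
    char byte;
    int fd = -1;
    fdctl ctl = {0};
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    struct cmsghdr *c = recvmsg(sock, &msg, 0) == 1 ? CMSG_FIRSTHDR(&msg) : NULL;
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Fork the helper (stand-in for the privileged side) and ask it for the spool. */
int open_spool_via_helper(const char *spool, const char *expected, const char *offered) {
    int sv[2], fd = -1;
    char pw[64] = {0};
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {                         /* helper: check password, open, pass */
        if (read(sv[1], pw, sizeof pw - 1) > 0 && !strcmp(pw, expected) &&
            (fd = open(spool, O_RDWR)) >= 0) send_fd(sv[1], fd);
        _exit(0);                           /* exiting without sending = refusal */
    }
    close(sv[1]);                           /* so a refusal reaches us as EOF */
    if (pid > 0 && write(sv[0], offered, strlen(offered) + 1) > 0) fd = recv_fd(sv[0]);
    close(sv[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return fd;
}
```

The descriptor returned to the caller is the only spool access the unprivileged side receives; it never needs permission to open the spool path itself.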