Date: Sun, 17 Nov 1996 21:54:06 -0700 From: Warner Losh <imp@village.org> To: newton@communica.com.au (Mark Newton) Cc: msmith@atrad.adelaide.edu.au (Michael Smith), batie@agora.rdrop.com, adam@homeport.org, pgiffuni@fps.biblos.unal.edu.co, freebsd-security@freebsd.org Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Message-ID: <E0vPLig-0003lG-00@rover.village.org> In-Reply-To: Your message of "Mon, 18 Nov 1996 15:05:38 %2B1030." <9611180435.AA17191@communica.com.au> References: <9611180435.AA17191@communica.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <9611180435.AA17191@communica.com.au> Mark Newton writes: : That's a wonderful point: The only reason sendmail needs root to bind to : port 25 as a daemon is because of the rather UNIX-centric view that TCP/IP : ports less than 1024 can only be allocated by a privileged user. TCP/IP : implementations on non-UNIX platforms disagree violently with this : assumption, which makes the value of this "security" feature rather dubious. : : It would be foolish of me to argue to have it changed, though :-) Sense sendmail closes port 25 when the load average is high, it would be a bad idea to allow just anybody to bind to port 25 in this case. Just a few forks, wait for the load avarage to get high, then grab the port.... :-) The binding to ports < 1024 on the local system being restricted to non-normal users is a good thing. Sadly, on Unix you can't do much better than having it being root, since most Unix systems aren't designed to have fine grain system privs. It is hard to design a foolproof mail system, because the fools out there are so engenious.... Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E0vPLig-0003lG-00>