From owner-freebsd-security Sun Nov 17 21:06:12 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id VAA10401 for security-outgoing; Sun, 17 Nov 1996 21:06:12 -0800 (PST) Received: from salsa.gv.ssi1.com (salsa.gv.ssi1.com [146.252.44.194]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id VAA10393 for ; Sun, 17 Nov 1996 21:06:01 -0800 (PST) Received: (from gdonl@localhost) by salsa.gv.ssi1.com (8.7.5/8.7.3) id VAA14699; Sun, 17 Nov 1996 21:05:18 -0800 (PST) From: Don Lewis Message-Id: <199611180505.VAA14699@salsa.gv.ssi1.com> Date: Sun, 17 Nov 1996 21:05:18 -0800 In-Reply-To: newton@communica.com.au (Mark Newton) "Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2)." (Nov 18, 3:05pm) X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95) To: newton@communica.com.au (Mark Newton), msmith@atrad.adelaide.edu.au (Michael Smith) Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Cc: imp@village.org, batie@agora.rdrop.com, adam@homeport.org, pgiffuni@fps.biblos.unal.edu.co, freebsd-security@FreeBSD.ORG Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Nov 18, 3:05pm, Mark Newton wrote: } Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). } Michael Smith wrote: } > but his point is } > valid. In fact, if it were possible to be non-root and bind to port 25, } } That's a wonderful point: The only reason sendmail needs root to bind to } port 25 as a daemon is because of the rather UNIX-centric view that TCP/IP } ports less than 1024 can only be allocated by a privileged user. TCP/IP } implementations on non-UNIX platforms disagree violently with this } assumption, which makes the value of this "security" feature rather dubious. And on those platforms, J. Random user could intercept all incoming mail. Binding a socket to port 23 would be a good way to collect telnet passwords, too ;-) --- Truck