From: Warner Losh
To: Mikael Karpberg
Cc: freebsd-hackers@freebsd.org
Subject: Re: non-root users binding to ports < 1024
Date: Sat, 23 Nov 1996 23:32:01 -0700
In-reply-to: Your message of "Sun, 24 Nov 1996 04:07:57 +0100." <199611240307.EAA06738@ocean.campus.luth.se>
References: <199611240307.EAA06738@ocean.campus.luth.se>

In message <199611240307.EAA06738@ocean.campus.luth.se> Mikael Karpberg writes:
: I might be wrong, but doesn't rlogin for example bind to a port < 1024
: on OUTGOING connections, to make itself trustworthy? It's setuid root,
: and could be just setuid bindlow or some other normal user, that would just
: have one extra permission: To bind to all ports < 1024, special sensitive
: ports excluded. I'm sure more programs than rlogin could use that user also.

True. My solution would be poorly suited for doing that. It would
eliminate the need for other programs to bind to the ports to listen
for inbound connections. Reducing the number is still a win :-).

: As I see it, any unnecessary privileges to setuid programs is just asking
: for trouble.

Agreed.

Warner
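The pattern this thread discusses, as an added example that is not code from either poster or from FreeBSD: a setuid-root client binds its outgoing socket to a reserved port, as rlogin does, then gives up root for good, and the server side checks the peer's source port. The function names are hypothetical, and the 512-1023 range is the conventional r-command range, which the messages do not state.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Client side: bind to the first free port in 1023..512 (assumed range).
 * Returns the socket and sets *port, or -1 if no port could be bound. */
int bind_reserved(int *port)
{
    struct sockaddr_in sin = { .sin_family = AF_INET };  /* address 0 = any */
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0)
        return -1;
    for (int p = IPPORT_RESERVED - 1; p >= IPPORT_RESERVED / 2; p--) {
        sin.sin_port = htons((unsigned short)p);
        if (bind(s, (struct sockaddr *)&sin, sizeof sin) == 0) {
            *port = p;
            return s;
        }
        if (errno != EADDRINUSE)   /* e.g. EACCES: other ports will not help */
            break;
    }
    close(s);
    return -1;
}

/* Give up a setuid-root identity for good and confirm it cannot come back. */
int drop_privileges(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    return (getuid() != 0 && setuid(0) == 0) ? -1 : 0;
}

/* Server side: accept a peer only if its source port is in the reserved range. */
int reserved_source(int port)
{
    return port >= IPPORT_RESERVED / 2 && port < IPPORT_RESERVED;
}

int main(void)
{
    int port = 0, s = bind_reserved(&port);  /* privileged step first */
    int rc = drop_privileges();              /* then shed root before other work */
    printf("socket %d, port %d, euid %d\n", s, port, (int)geteuid());
    return rc != 0;
}
```

Binding first and dropping immediately afterwards keeps root in effect only for the single call that needs it, which is the reduction in privilege the thread is after.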