Date:      Mon, 18 Nov 1996 08:37:34 +0100
From:      Poul-Henning Kamp <phk@critter.tfs.com>
To:        newton@communica.com.au (Mark Newton)
Cc:        msmith@atrad.adelaide.edu.au (Michael Smith), imp@village.org, batie@agora.rdrop.com, adam@homeport.org, pgiffuni@fps.biblos.unal.edu.co, freebsd-security@FreeBSD.ORG
Subject:   Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). 
Message-ID:  <9222.848302654@critter.tfs.com>
In-Reply-To: Your message of "Mon, 18 Nov 1996 15:05:38 +1030." <9611180435.AA17191@communica.com.au>

In message <9611180435.AA17191@communica.com.au>, Mark Newton writes:
>port 25 as a daemon is because of the rather UNIX-centric view that TCP/IP
>ports less than 1024 can only be allocated by a privileged user.  TCP/IP
>implementations on non-UNIX platforms disagree violently with this
>assumption, which makes the value of this "security" feature rather dubious.

Well, it's on the standard, so I wouldn't call it UNIX-centric.

I also think you have not quite grasped this feature at all.  What you 
can use it for is this:

	IFF I trust this machine AND the port is < 1024 THEN
		I know that I'm dealing with something the 
		administrator set up.
	ELSE
		God knows.

If you don't trust the machine, and you shouldn't unless you know how
it's administrated, the port# is meaningless.
	
--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
Future will arrive by its own means, progress not so.


