From owner-freebsd-security  Sun Nov 17 23:38:00 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id XAA19379
          for security-outgoing; Sun, 17 Nov 1996 23:38:00 -0800 (PST)
Received: from critter.tfs.com ([140.145.230.177])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA19350;
          Sun, 17 Nov 1996 23:37:22 -0800 (PST)
Received: from critter.tfs.com (localhost.phk.dk [127.0.0.1]) by critter.tfs.com (8.8.2/8.8.2) with ESMTP id IAA09224; Mon, 18 Nov 1996 08:37:34 +0100 (MET)
To: newton@communica.com.au (Mark Newton)
cc: msmith@atrad.adelaide.edu.au (Michael Smith), imp@village.org,
        batie@agora.rdrop.com, adam@homeport.org,
        pgiffuni@fps.biblos.unal.edu.co, freebsd-security@FreeBSD.ORG
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). 
In-reply-to: Your message of "Mon, 18 Nov 1996 15:05:38 +1030."
             <9611180435.AA17191@communica.com.au> 
Date: Mon, 18 Nov 1996 08:37:34 +0100
Message-ID: <9222.848302654@critter.tfs.com>
From: Poul-Henning Kamp <phk@critter.tfs.com>
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

In message <9611180435.AA17191@communica.com.au>, Mark Newton writes:
>port 25 as a daemon is because of the rather UNIX-centric view that TCP/IP
>ports less than 1024 can only be allocated by a privileged user.  TCP/IP
>implementations on non-UNIX platforms disagree violently with this
>assumption, which makes the value of this "security" feature rather dubious.

Well, it's on the standard, so I wouldn't call it UNIX-centric.

I also think you have not quite grasped this feature at all.  What you 
can use if for is this:

	IFF i trust this machine AND the port is < 1024 THEN
		I know that I'm dealing with something the 
		administrator setup.
	ELSE
		God knows.

If you don't trust the machine, and you shouldn't unless you know how
it's administrated, the port# is meaningless.
	
--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
Future will arrive by its own means, progress not so.