From: "Crist J. Clark"
To: Maxim Sobolev
Cc: cjclark@alum.mit.edu, Robert Watson, David Malone, Mikhail Teterin, alex@big.endian.de, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Date: Thu, 16 Aug 2001 09:09:11 -0700
Subject: Re: cvs commit: src/etc inetd.conf

On Thu, Aug 16, 2001 at 11:50:55AM +0300, Maxim Sobolev wrote:
[snip]
> There is another problem with unprivileging ports below < 1024 - the local user
> potentially may DOS service by binding to the same port when the service restarts
> (for example sysadmin restarts it by -HUP signal). I guess it should be relatively
> easy to write an exploit that constantly monitors whether specified port is bound
> or not and immediately binds to it once the port for some reason is free.

I hear this argument frequently, but it does not really hold water.
There are a lot of standard services that live above 1023, some
extremely sensitive, take NFS for example or how about nearly all
other RPC services. I have never heard of malicious local users trying
to DoS these services in such a manner. It is easy enough for an
administrator to fix the problem (kill the daemon watching for the port
to open, kill the listening process, lock the account of the offending
user). Windows systems have no concept of privileged ports and I have
never seen this type of exploit against an NT or 2k server.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
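
The administrator-side check implied by this exchange, as an added example that is not part of the original e-mail: it reads listener lines in the column layout of FreeBSD `sockstat -4l` and reports any watched port held by an unexpected user, or held by nobody. The port-to-owner policy, the sample lines, the user names and the function name `check_listeners` are all constructed for illustration.

```shell
#!/bin/sh
# Hypothetical policy: "port:user" pairs naming who should own each listener.
EXPECTED='2049:root 111:root 8080:www'

# Constructed sample in the column layout printed by FreeBSD `sockstat -4l`.
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     nfsd       312   3  tcp4   *:2049                *:*
root     rpcbind    280   9  udp4   *:111                 *:*
mallory  python     4885  3  tcp4   *:8080                *:*
alice    irssi      5120  4  tcp4   127.0.0.1:6667        *:*'

# check_listeners: read sockstat-style lines on stdin and print
#   SQUAT for a watched port held by a user other than the expected one,
#   DOWN  for a watched port with no listener at all.
check_listeners() {
    awk -v policy="$EXPECTED" '
    BEGIN {
        n = split(policy, rows, " ")
        for (i = 1; i <= n; i++) {
            split(rows[i], kv, ":")
            want[kv[1]] = kv[2]
        }
    }
    NR == 1 && $1 == "USER" { next }   # skip the header line
    NF >= 6 {
        # The port is whatever follows the last ":" of the local address,
        # which covers both "*:2049" and "127.0.0.1:6667".
        port = $6
        sub(/^.*:/, "", port)
        if (!(port in want)) next
        seen[port] = 1
        if ($1 != want[port])
            printf "SQUAT port=%s owner=%s pid=%s cmd=%s expected=%s\n",
                   port, $1, $3, $2, want[port]
    }
    END {
        for (p in want)
            if (!(p in seen))
                printf "DOWN port=%s expected=%s\n", p, want[p]
    }'
}

# Live use on a host: sockstat -4l | check_listeners
printf '%s\n' "$SAMPLE" | check_listeners
```

The SQUAT line carries the PID and user, which are the two things needed for the remediation listed in the message (kill the listening process, lock the offending account).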