From owner-cvs-all  Thu Aug 16  9: 9:37 2001
Delivered-To: cvs-all@freebsd.org
Received: from albatross.prod.itd.earthlink.net (albatross.mail.pas.earthlink.net [207.217.120.120])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0CA6F37B421; Thu, 16 Aug 2001 09:09:21 -0700 (PDT)
	(envelope-from cjc@earthlink.net)
Received: from blossom.cjclark.org (pool1059.cvx20-bradley.dialup.earthlink.net [209.179.254.39])
	by albatross.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id JAA01156;
	Thu, 16 Aug 2001 09:09:16 -0700 (PDT)
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.4/8.11.3) id f7GG9C604885;
	Thu, 16 Aug 2001 09:09:12 -0700 (PDT)
	(envelope-from cjc)
Date: Thu, 16 Aug 2001 09:09:11 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Maxim Sobolev <sobomax@FreeBSD.org>
Cc: cjclark@alum.mit.edu, Robert Watson <rwatson@FreeBSD.org>,
	David Malone <dwmalone@maths.tcd.ie>,
	Mikhail Teterin <mi@aldan.algebra.com>, alex@big.endian.de,
	cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc inetd.conf
Message-ID: <20010816090911.A4232@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20010815123315.A35365@walton.maths.tcd.ie> <Pine.NEB.3.96L.1010815125441.81642C-100000@fledge.watson.org> <20010816000823.H330@blossom.cjclark.org> <3B7B896F.F0F8F244@FreeBSD.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3B7B896F.F0F8F244@FreeBSD.org>; from sobomax@FreeBSD.org on Thu, Aug 16, 2001 at 11:50:55AM +0300
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

On Thu, Aug 16, 2001 at 11:50:55AM +0300, Maxim Sobolev wrote:

[snip]

> There is another problem with unprivileging ports below < 1024 - the local user
> potentialy may DOS service by binding to the same port when the service restarts
> (for example sysadmin restarts it by -HUP signal). I guess it should be relatively
> easy to write an exploit that constantly monitors whether specified port is binded
> or not and immediately binds to it once the port for some reason is free.

I hear this argument frequently, but it does not really hold
water. There are a lot of standard services that live above 1023, some
extremely sensitive, take NFS for example or how about nearly all
other RPC services. I have never heard of malicious local users trying
to DoS these services in such a manner. It is easy enough for an
adninistrator to fix the problem (kill the daemon watching for the
port to open, kill the listening process, lock the account of the
offending user). Windows systems have no concept of privileged ports
and I have never seen this type of exploit against a NT or 2k server.
-- 
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message