Date:      Mon, 18 Nov 1996 18:21:30 +1030 (CST)
From:      newton@communica.com.au (Mark Newton)
To:        phk@critter.tfs.com (Poul-Henning Kamp)
Cc:        newton@communica.com.au, msmith@atrad.adelaide.edu.au, imp@village.org, batie@agora.rdrop.com, adam@homeport.org, pgiffuni@fps.biblos.unal.edu.co, freebsd-security@FreeBSD.ORG
Subject:   Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Message-ID:  <9611180751.AA18891@communica.com.au>
In-Reply-To: <9222.848302654@critter.tfs.com> from "Poul-Henning Kamp" at Nov 18, 96 08:37:34 am

Poul-Henning Kamp wrote:

 > In message <9611180435.AA17191@communica.com.au>, Mark Newton writes:
 > >port 25 as a daemon is because of the rather UNIX-centric view that TCP/IP
 > >ports less than 1024 can only be allocated by a privileged user.  TCP/IP
 > >implementations on non-UNIX platforms disagree violently with this
 > >assumption, which makes the value of this "security" feature rather dubious.
 > 
 > Well, it's on the standard, so I wouldn't call it UNIX-centric.

It's the standard in the UNIX world (that's why I called it UNIX-centric).
Non-UNIX implementations of TCP/IP don't even necessarily run on machines
which support the concept of a superuser, and, of those which do, some
don't restrict < 1024 to privileged users.

 > I also think you have not quite grasped this feature at all. 

I have grasped the feature;  I know precisely what it is attempting to
achieve.  I just see it as a relic from days-gone-by when the only systems
on the planet which ran TCP/IP were UNIX machines.

 > 	IFF i trust this machine AND the port is < 1024 THEN
        ^^^^^^^^^^^^^^^^^^^^^^^^
This is the bit that breaks down on the Internet.  If you don't trust
the machine at the other end, all bets are off.

 > If you don't trust the machine, and you shouldn't unless you know how
 > it's administrated, the port# is meaningless.

Precisely.  And I've never attempted to imply anything more or less than
this.

This is just a diversion, btw.  We now return you to your regularly scheduled
Subject: lines :-)

   - mark

---
Mark Newton                               Email: newton@communica.com.au
Systems Engineer                          Phone: +61-8-8373-2523
Communica Systems                         WWW:   http://www.communica.com.au
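The rule being argued over above ("IFF I trust this machine AND the port is < 1024") rests on a property of the peer's TCP/IP stack, not of the protocol. The following is an added example, not code from the thread or from FreeBSD: it probes whether the stack this process runs on actually enforces the reserved-port restriction, and implements the trust rule as written so that the two halves of the conjunction are visible. Port numbers and the `trusted_hosts` set are assumptions chosen for illustration. On Linux the outcome also depends on the `net.ipv4.ip_unprivileged_port_start` sysctl and on CAP_NET_BIND_SERVICE, so a container may legitimately report "not enforced", which is exactly the point Mark is making.

```python
import errno
import os
import socket

RESERVED_MAX = 1024  # classic UNIX: ports below this need superuser to bind


def try_bind(port, host="127.0.0.1"):
    """Attempt a TCP bind on loopback and classify how the kernel answered.

    Returns "bound", "permission_denied", "in_use" or "error:<ERRNO>".
    Socket creation itself is inside the try so a sandbox that forbids
    sockets is reported rather than raised.
    """
    s = None
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((host, port))
        return "bound"
    except PermissionError:
        return "permission_denied"
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return "in_use"
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))
    finally:
        if s is not None:
            s.close()


def reserved_port_enforced(probe_ports=(1023, 1022, 1021)):
    """Does this host stop the current (unprivileged) user binding < 1024?

    True  -> the restriction is enforced for this process.
    False -> an unprivileged bind to a reserved port succeeded.
    None  -> inconclusive: running as root (nothing to observe), every
             probe port was in use, or sockets are unavailable.
    The probe ports are an assumption; any few ports below 1024 will do.
    """
    if hasattr(os, "geteuid") and os.geteuid() == 0:
        return None
    results = [try_bind(p) for p in probe_ports]
    if any(r == "permission_denied" for r in results):
        return True
    if any(r == "bound" for r in results):
        return False
    return None


def peer_is_trustworthy(peer_host, peer_port, trusted_hosts):
    """The rule from the thread, literally: trusted host AND reserved port.

    The port test only carries weight because of the first conjunct; a
    source port < 1024 from an untrusted host means nothing, since that
    host's stack may let any user pick it.
    """
    return peer_host in trusted_hosts and peer_port < RESERVED_MAX


if __name__ == "__main__":
    print("reserved ports enforced for this user:", reserved_port_enforced())
    trusted = {"10.0.0.5"}  # constructed example set
    for host, port in (("10.0.0.5", 513), ("10.0.0.5", 40000), ("10.0.0.6", 513)):
        print(host, port, "->", peer_is_trustworthy(host, port, trusted))
```

Run it once as an ordinary user and once as root on the same box; only the unprivileged run can tell you anything, and a `False` from a non-root process is the concrete demonstration that "port < 1024" by itself is not a credential.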


