From owner-freebsd-security Sun Nov 17 23:55:22 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id XAA20474 for security-outgoing; Sun, 17 Nov 1996 23:55:22 -0800 (PST)
Received: from offensive.communica.com.au (offensive-eth1.adl.communica.com.au [192.82.222.18]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA20394 for ; Sun, 17 Nov 1996 23:53:18 -0800 (PST)
Received: from communica.com.au (frenzy.communica.com.au [192.82.222.65]) by offensive.communica.com.au (8.7.6/8.7.3) with SMTP id SAA00388; Mon, 18 Nov 1996 18:21:37 +1030 (CST)
Received: by communica.com.au (4.1/SMI-4.1) id AA18891; Mon, 18 Nov 96 18:21:30 CDT
From: newton@communica.com.au (Mark Newton)
Message-Id: <9611180751.AA18891@communica.com.au>
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
To: phk@critter.tfs.com (Poul-Henning Kamp)
Date: Mon, 18 Nov 1996 18:21:30 +1030 (CST)
Cc: newton@communica.com.au, msmith@atrad.adelaide.edu.au, imp@village.org, batie@agora.rdrop.com, adam@homeport.org, pgiffuni@fps.biblos.unal.edu.co, freebsd-security@FreeBSD.ORG
In-Reply-To: <9222.848302654@critter.tfs.com> from "Poul-Henning Kamp" at Nov 18, 96 08:37:34 am
X-Mailer: ELM [version 2.4 PL21]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Poul-Henning Kamp wrote:

> In message <9611180435.AA17191@communica.com.au>, Mark Newton writes:
> >port 25 as a daemon is because of the rather UNIX-centric view that TCP/IP
> >ports less than 1024 can only be allocated by a privileged user. TCP/IP
> >implementations on non-UNIX platforms disagree violently with this
> >assumption, which makes the value of this "security" feature rather dubious.
>
> Well, it's on the standard, so I wouldn't call it UNIX-centric.

It's the standard in the UNIX world (that's why I called it UNIX-centric).
non-UNIX implementations of TCP/IP don't even necessarily run on machines
which support the concept of superuser, and out of those which do some
don't restrict < 1024 to privileged users.

> I also think you have not quite grasped this feature at all.

I have grasped the feature; I know precisely what it is attempting to
achieve. I just see it as a relic from days-gone-by when the only systems
on the planet which ran TCP/IP were UNIX machines.

> IFF i trust this machine AND the port is < 1024 THEN
  ^^^^^^^^^^^^^^^^^^^^^^^^

This is the bit that breaks down on the Internet. If you don't trust the
machine at the other end, all bets are off.

> If you don't trust the machine, and you shouldn't unless you know how
> it's administrated, the port# is meaningless.

Precisely. And I've never attempted to imply anything more or less than
this.

This is just a diversion, btw. We now return you to your regularly
scheduled Subject: lines :-)

   - mark

---
Mark Newton                     Email: newton@communica.com.au
Systems Engineer                Phone: +61-8-8373-2523
Communica Systems               WWW:   http://www.communica.com.au