From owner-freebsd-security Mon Nov 18 00:41:06 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id AAA22775 for security-outgoing; Mon, 18 Nov 1996 00:41:06 -0800 (PST) Received: from critter.tfs.com ([140.145.230.177]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id AAA22763; Mon, 18 Nov 1996 00:40:47 -0800 (PST) Received: from critter.tfs.com (localhost.phk.dk [127.0.0.1]) by critter.tfs.com (8.8.2/8.8.2) with ESMTP id JAA09423; Mon, 18 Nov 1996 09:41:08 +0100 (MET) To: newton@communica.com.au (Mark Newton) cc: msmith@atrad.adelaide.edu.au, imp@village.org, batie@agora.rdrop.com, adam@homeport.org, pgiffuni@fps.biblos.unal.edu.co, freebsd-security@FreeBSD.ORG Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). In-reply-to: Your message of "Mon, 18 Nov 1996 18:21:30 +1030." <9611180751.AA18891@communica.com.au> Date: Mon, 18 Nov 1996 09:41:07 +0100 Message-ID: <9421.848306467@critter.tfs.com> From: Poul-Henning Kamp Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk In message <9611180751.AA18891@communica.com.au>, Mark Newton writes: >Poul-Henning Kamp wrote: > > > In message <9611180435.AA17191@communica.com.au>, Mark Newton writes: > > >port 25 as a daemon is because of the rather UNIX-centric view that TCP/IP > > >ports less than 1024 can only be allocated by a privileged user. TCP/IP > > >implementations on non-UNIX platforms disagree violently with this > > >assumption, which makes the value of this "security" feature rather dubiou >s. > > > > Well, it's on the standard, so I wouldn't call it UNIX-centric. > >It's the standard in the UNIX world (that's why I called it UNIX-centric). >non-UNIX implementations of TCP/IP don't even necessarily run on machines >which support the concept of superuser, and out of those which do some >don't restrict < 1024 to privileged users. Read the host-requirements RFC and become wiser. > > I also think you have not quite grasped this feature at all. > >I have grasped the feature; I know precisely what it is attempting to >achieve. I just see it as a relic from days-gone-by when the only systems >on the planet which ran TCP/IP were UNIX machines. Well, you still havn't grasped it. I say it again, because I'm sure you didn't: Read the host-requirements RFC and become wiser. > > > IFF i trust this machine AND the port is < 1024 THEN > ^^^^^^^^^^^^^^^^^^^^^^^^ >This is the bit that breaks down on the Internet. If you don't trust >the machine at the other end, all bets are off. Of course. That is rather evident. But it so happens that I do trust some machines, or rather the people behind the machines, and then this feature comes handy. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc. Future will arrive by its own means, progress not so.