From owner-freebsd-security  Wed Mar 26 06:40:15 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id GAA11999
          for security-outgoing; Wed, 26 Mar 1997 06:40:15 -0800 (PST)
Received: from root.com (implode.root.com [198.145.90.17])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id GAA11987
          for <freebsd-security@FreeBSD.ORG>; Wed, 26 Mar 1997 06:40:11 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by root.com (8.8.5/8.6.5) with SMTP id GAA12899; Wed, 26 Mar 1997 06:41:11 -0800 (PST)
Message-Id: <199703261441.GAA12899@root.com>
X-Authentication-Warning: implode.root.com: localhost [127.0.0.1] didn't use HELO protocol
To: Adrian Chadd <adrian@obiwan.aceonline.com.au>
cc: tqbf@enteract.com, freebsd-security@FreeBSD.ORG
Subject: Re: Privileged ports... 
In-reply-to: Your message of "Wed, 26 Mar 1997 22:19:55 +0800."
             <Pine.BSF.3.95q.970326220852.29096A-100000@obiwan.aceonline.com.au> 
From: David Greenman <dg@root.com>
Reply-To: dg@root.com
Date: Wed, 26 Mar 1997 06:41:11 -0800
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>The only problem here is that it kinda defeats the whole purpose of prived
>ports in the first place. I guess the whole thing here is to write small
>programs that do the necessary SUID bit, then drop back down into
>nonrootland to continue.
>
>David (and anyone else interested) - I'd be very interested in hearing
>what security holes would be introduced by having a UID (or GID) to bind
>to priv'ed ports. 

   None that I can think of if I understand you correctly. The thing you
want to prevent is regular users being able to bind to a privileged port.
It would take an average cracker less than 5 minutes to whip up a couple
of really nasty programs (such as one that pretends to be rlogin - claiming
to be some other user). As long as you retain control over who/what can
bind to the privileged ports, I don't see any problem.

>Surely there must be a nicer way :)

   It would be nice if FreeBSD had account privileges ala VMS. You could then
have fine grain control over what 'privileged' programs can do, thus limiting
the vulnerabilites. I've been thinking about this on occasion for many years
and have discussed the idea with several other people. There are a lot of
details...it's not as easy as it might seem.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project