Date: Tue, 17 Nov 1998 08:45:23 -0500 From: Adam Shostack <adam@homeport.org> To: Marc Slemko <marcs@znep.com>, Matthew Dillon <dillon@apollo.backplane.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Would this make FreeBSD more secure? Message-ID: <19981117084523.A17686@weathership.homeport.org> In-Reply-To: <Pine.BSF.4.05.9811161316100.12077-100000@alive.znep.com>; from Marc Slemko on Mon, Nov 16, 1998 at 01:22:47PM -0800 References: <199811161941.LAA21747@apollo.backplane.com> <Pine.BSF.4.05.9811161316100.12077-100000@alive.znep.com>
index | next in thread | previous in thread | raw e-mail
On Mon, Nov 16, 1998 at 01:22:47PM -0800, Marc Slemko wrote: | The other use, however, which is still very valid, is to secure the server | against untrusted users binding to the port. There are zillions of | protocols where the client can't verify the server in any useful way. | Requiring special privs. to bind to the port that the server runs as | helps this out in a big way. For this to be true, it requires that NT (which doesn't have a concept of privleged ports) to be removed from all server locations on the internet. While I'll agree that this is a useful security measure, its not particularly realistic, and we should consider giving up on this assumption. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the messagehelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981117084523.A17686>