Date: Wed, 26 Mar 1997 11:31:57 -0500 (EST) From: Adam Shostack <adam@homeport.org> To: dg@root.com Cc: adrian@obiwan.aceonline.com.au, tqbf@enteract.com, freebsd-security@FreeBSD.ORG Subject: Re: Privileged ports... Message-ID: <199703261631.LAA15307@homeport.org> In-Reply-To: <199703261441.GAA12899@root.com> from David Greenman at "Mar 26, 97 06:41:11 am"
next in thread | previous in thread | raw e-mail | index | archive | help
What if you allow anyone to bind to any port, and at the same time, make inted.conf much longer, so that theres a line of the form noservice-513 stream tcp nowait nobody /usr/sbin/close close for each low numbered port? It seems that (modulo configuration being a little painful) this offers the best of both worlds--control over low numbered ports, but anyone can bind to a port with root's permission. That permission is given in a config file for a program, not hard coded into the kernel. (It might also be possible to extend the inetd config language so that it recognized a noservice- token to mean bind to that port, and don't let anything else use it.) This has the nice(?) side effect of messing up a log of simple minded security scanners (like strobe). Adam David Greenman wrote: | >The only problem here is that it kinda defeats the whole purpose of prived | >ports in the first place. I guess the whole thing here is to write small | >programs that do the necessary SUID bit, then drop back down into | >nonrootland to continue. | > | >David (and anyone else interested) - I'd be very interested in hearing | >what security holes would be introduced by having a UID (or GID) to bind | >to priv'ed ports. | | None that I can think of if I understand you correctly. The thing you | want to prevent is regular users being able to bind to a privileged port. | It would take an average cracker less than 5 minutes to whip up a couple | of really nasty programs (such as one that pretends to be rlogin - claiming | to be some other user). As long as you retain control over who/what can | bind to the privileged ports, I don't see any problem. -- "It is seldom that liberty of any kind is lost all at once." -Hume
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199703261631.LAA15307>