Date: Wed, 26 Mar 1997 11:36:29 -0600 (CST)
From: "Thomas H. Ptacek" <tqbf@enteract.com>
To: dg@root.com
Cc: tqbf@enteract.com, freebsd-security@FreeBSD.ORG
Subject: Re: Privileged ports...
Message-ID: <199703261736.LAA18425@enteract.com>
In-Reply-To: <199703260733.XAA10931@root.com> from "David Greenman" at Mar 25, 97 11:33:21 pm

> ...and creating a gaping security hole at the same time. I sure hope
> you're not doing this on any shell account machines and you completely
> trust any users that you have.

Read the entire message before responding, please.

Again, obviously, if you're using ruserok() authenticating daemons, or anything else reliant on a binding to a privileged port as a sign of local privilege (such as the mount daemon's check), the ability to compromise resv_uid or resv_gid is a problem.

Of course, it's absolutely no more of a problem than it is now - it's just as hard to compromise an individual UID as it is to compromise root. Either way, you're going to wind up doing it through a hole in rlogin or rsh.

However, with configurable uids and gids for privileged port binding, a hole in rlogin isn't going to get you root... just the potential to get root via interactions with other daemons.

However, if no such daemons are present on your system, the ability to bind a privileged port doesn't do much for you at all. A network without rlogind, rshd, and NFS shouldn't be too concerned, and there are other reasons to use the rlogin client besides the lame ruserok() trust thing.

Incidentally, the patch I posted changes nothing in the way privileged ports work (by default). You'll still need suser() to get at a low port, unless you override it with sysctl, which was all I was going for.

Thanks for your comments.

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
"If you're so special, why aren't you dead?"
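The trust relationship discussed in the message above, as an added example that is not part of the original e-mail or of the patch it mentions. It models the bind decision next to the rshd-style source-port test, so an administrator can see which uid inherits the trust once resv_uid or resv_gid is set. Assumptions: the struct layout, the function names, the use of -1 for "not configured" and the uid 1001 are hypothetical; only the names resv_uid and resv_gid come from the message.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical model of the sysctl values; -1 = not configured (assumption). */
struct resv_policy { long resv_uid; long resv_gid; };

/* Kernel side of the model: who may bind a port below IPPORT_RESERVED (1024). */
static bool may_bind(const struct resv_policy *p, uid_t uid, gid_t gid, uint16_t port)
{
    if (port >= IPPORT_RESERVED) return true;           /* not a reserved port */
    if (uid == 0) return true;                          /* default rule: superuser */
    if (p->resv_uid >= 0 && (long)uid == p->resv_uid) return true;
    if (p->resv_gid >= 0 && (long)gid == p->resv_gid) return true;
    return false;
}

/* Daemon side: rshd-style test that treats a source port in 512..1023 as
 * proof that the peer process was privileged on its own host. */
static bool peer_looks_privileged(const struct sockaddr_in *peer)
{
    uint16_t port = ntohs(peer->sin_port);
    return port < IPPORT_RESERVED && port >= IPPORT_RESERVED / 2;
}

/* True when a non-root process can bind a port that the daemon check accepts,
 * i.e. the configured uid/gid now carries the trust that root used to. */
static bool trust_gap(const struct resv_policy *p, uid_t uid, gid_t gid, uint16_t port)
{
    struct sockaddr_in peer = { .sin_family = AF_INET, .sin_port = htons(port) };
    return uid != 0 && may_bind(p, uid, gid, port) && peer_looks_privileged(&peer);
}

int main(void)
{
    struct resv_policy unset = { -1, -1 }, set = { 1001, -1 };  /* constructed values */
    printf("default policy, uid 1001, port 1023: gap=%d\n", trust_gap(&unset, 1001, 1001, 1023));
    printf("resv_uid=1001,  uid 1001, port 1023: gap=%d\n", trust_gap(&set, 1001, 1001, 1023));
    return 0;
}
```

A true result matters only on networks where rlogind, rshd, NFS mount checks or similar port-based trust is still in use, which is the condition the message describes.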