From owner-freebsd-chat Tue Feb 6 1:11:36 2001
Delivered-To: freebsd-chat@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 27E8237B699 for ; Tue, 6 Feb 2001 01:11:08 -0800 (PST)
Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Tue, 6 Feb 2001 01:09:10 -0800
Received: (from cjc@localhost) by rfx-216-196-73-168.users.reflexcom.com (8.11.1/8.11.1) id f1699ij78638; Tue, 6 Feb 2001 01:09:44 -0800 (PST) (envelope-from cjc)
Date: Tue, 6 Feb 2001 01:09:43 -0800
From: "Crist J. Clark"
To: Terry Lambert
Cc: Brett Glass , Rahul Siddharthan , freebsd-chat@FreeBSD.ORG
Subject: Re: UNIX-like approach to software and system architecture
Message-ID: <20010206010943.H91447@rfx-216-196-73-168.users.reflex>
Reply-To: cjclark@alum.mit.edu
References: <4.3.2.7.2.20010204080917.049ecca0@localhost> <200102060328.UAA08814@usr08.primenet.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <200102060328.UAA08814@usr08.primenet.com>; from tlambert@primenet.com on Tue, Feb 06, 2001 at 03:28:44AM +0000
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Feb 06, 2001 at 03:28:44AM +0000, Terry Lambert wrote:

[snip]

> Actually, SCO had a fix for this a long time ago, where they
> had the ability to permit particular programs to do things,
> like bind reserved ports, as an attribute of the program (VMS
> did this too, with its concept of "installed images"), and
> not require that such programs run as root. Adding this
> feature to FreeBSD would go a long way toward resolving the
> "root exploit" problem.

I think an even better fix is the option to do away with the privileged ports altogether. Priv'ed ports also date back to the time when "we were all friends..."
Well, a lot of the idea of privileged ports was that we are at least friends with the other administrators, not necessarily their users. On the modern 'Net (Internet and most intranets too) where any luser 0wnz their own box, the idea that one can trust a privileged port more than any other on an unknown machine is ludicrous. On a machine dedicated to doing DNS, webserving, or even a single-user desktop, why even bother with privileged ports? It just makes you run something like a DNS server at higher privs than it really should need.

A sysctl or even a kernel option to turn off privileged ports would be neat (and I was for some reason under the impression there was one until I actually tried to find one the other day), but I'm afraid the concept of privileged ports runs very deeply in UNIX-type OSes and may be hard "to just turn off."

Before someone brings it up, yes, privileged ports still do have a place on isolated clusters of multi-user machines under uniform administration or where the admins still trust each other. Yes, allowing unprivileged users to bind <1024 ports does allow them to do things like spoof your DNS server should they crack the box and crash the DNS. But if they crashed it and cracked your box as root, they could have a lot more.

-- 
Crist J. Clark                           cjclark@alum.mit.edu
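An added example, written by the editor and not code from the post or from FreeBSD: a small C program that probes whether the running kernel still enforces the reserved-port rule discussed above, and that shows the least-privilege pattern daemons use to avoid the "higher privs than it really should need" problem whether or not that rule is on: bind the reserved port while privileged, then drop to an unprivileged uid/gid before reading any network input. The function names (`try_bind`, `classify`, `bind_then_drop`) are the editor's own; the code uses only POSIX socket and credential calls and runs on FreeBSD or Linux.

```c
/* Added example (not from the original mailing-list post): probe the kernel's
 * reserved-port policy and demonstrate bind-then-drop-privileges. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Try to bind a TCP socket on 127.0.0.1:port. Returns 0 on success, else
 * the errno. EACCES means the kernel treats `port` as reserved (< 1024 on a
 * stock kernel) and this process lacks the privilege to use it. Port 0 asks
 * for an ephemeral port and is the "should always work" control case. */
int try_bind(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int rc = bind(fd, (struct sockaddr *)&sa, sizeof sa);
    int saved = rc < 0 ? errno : 0;
    close(fd);
    return saved;
}

/* Classify the policy from one low-port probe and one ephemeral-port probe. */
const char *classify(int low_rc, int high_rc)
{
    if (high_rc != 0)
        return "no sockets";               /* even an ephemeral port failed */
    if (low_rc == EACCES)
        return "reserved ports enforced";  /* the classic UNIX behaviour */
    if (low_rc == 0)
        return "low port bound (root, capability, or reservation disabled)";
    return "inconclusive";                 /* e.g. EADDRINUSE: something owns it */
}

/* Least-privilege pattern: acquire the reserved port while privileged, then
 * permanently drop to uid/gid before touching any network input. The already
 * bound fd keeps the port; the unprivileged process can't bind another one.
 * Returns the listening fd, or -1 with errno set. */
int bind_then_drop(unsigned short port, uid_t uid, gid_t gid)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    /* Group before user: once uid is unprivileged, setgid would be refused.
     * A real daemon also clears supplementary groups (setgroups) first. */
    if (setgid(gid) < 0 || setuid(uid) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(void)
{
    int low = try_bind(80);   /* a reserved port */
    int high = try_bind(0);   /* an ephemeral port, the control */
    printf("port 80: %s; ephemeral port: %s -> %s\n",
           low ? strerror(low) : "bound",
           high ? strerror(high) : "bound",
           classify(low, high));
    return 0;
}
```

Run it as an unprivileged user: on a stock kernel the reserved port reports EACCES ("Permission denied") while the ephemeral port binds, which is the "reserved ports enforced" case; run as root, or on a kernel with the reservation switched off, both bind. For what the poster was looking for: later FreeBSD releases expose the range as the sysctls net.inet.ip.portrange.reservedlow and net.inet.ip.portrange.reservedhigh (setting reservedhigh to 0 removes the restriction), and Linux offers the per-program attribute Terry Lambert describes as the CAP_NET_BIND_SERVICE capability, alongside the net.ipv4.ip_unprivileged_port_start sysctl.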