Date: Thu, 27 Mar 1997 06:38:58 -0700 (MST)
From: Marc Slemko <marcs@znep.com>
To: "Thomas H. Ptacek" <tqbf@enteract.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Privileged ports...
Message-ID: <Pine.BSF.3.95.970327063025.13195A-100000@alive.znep.com>
In-Reply-To: <199703261847.MAA28329@enteract.com>

On Wed, 26 Mar 1997, Thomas H. Ptacek wrote:

> > for each low numbered port? It seems that (modulo configuration being
> > a little painful) this offers the best of both worlds--control over
> > low numbered ports, but anyone can bind to a port with root's
>
> Not only is inetd's configuration much longer, but if it dies (or, more
> specifically, if an attacker can kill it), your system becomes completely
> insecure. I think it's a bad idea to have security issues rely on the
> survival of userland processes.
>
> Am I wrong?

I agree completely with you. It is a very bad thing. Start with the
fact that, by default, inetd limits services to being called 256 times a
minute and then shuts them off and then move on to more devious ways you
could sometimes sneak in; it is relatively secure by Unix standards but
if you are doing things that way for security it isn't secure enough.

The proper way is to simply make a program (or extend sysctl to deal
nicely with large ranges where you don't want to normally show items that
are set to a particular default but still allow them to be changed) that
handles setting it then add a few lines of code to the kernel to allow you
to set the uid who can bind to each priv'd port.

There are 1764 other things that it would be useful to be able to set in a
similar way, although many of them can be implemented as sysctl variables
right now without much hassle.
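
Added example, not part of the original message and not FreeBSD code: a userspace C model of the per-port owner table the message proposes, with the bind-time check, a root-only setter, and a listing that shows only non-default entries. The names `port_owner`, `set_port_owner`, `may_bind` and `dump_overrides`, the uid values, and the rule that root may always bind are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>

#define PRIV_PORT_LIMIT 1024   /* ports below this are privileged */

/* Hypothetical owner table. Zero-initialised, so every privileged
 * port starts out owned by root (uid 0), the traditional default. */
static uid_t port_owner[PRIV_PORT_LIMIT];

/* Model of the write side (a sysctl handler in the proposal): only
 * root may reassign a port. Returns 0 on success, -1 on refusal. */
int set_port_owner(uid_t caller, unsigned port, uid_t owner)
{
    if (caller != 0 || port == 0 || port >= PRIV_PORT_LIMIT)
        return -1;
    port_owner[port] = owner;
    return 0;
}

/* Model of the bind-time check: 1 = allow, 0 = deny. Port 0 means
 * "kernel picks an unprivileged port", so it is always allowed. */
int may_bind(uid_t uid, unsigned port)
{
    if (port > 65535)
        return 0;
    if (port == 0 || port >= PRIV_PORT_LIMIT || uid == 0)
        return 1;
    return port_owner[port] == uid;
}

/* Print only ports whose owner differs from the default, so a
 * 1023-entry table stays readable. Returns the number printed. */
int dump_overrides(FILE *fp)
{
    int n = 0;
    for (unsigned p = 1; p < PRIV_PORT_LIMIT; p++)
        if (port_owner[p] != 0) {
            fprintf(fp, "port %u: uid %lu\n", p, (unsigned long)port_owner[p]);
            n++;
        }
    return n;
}

int main(void)
{
    set_port_owner(0, 80, 80);   /* constructed: uid 80 runs the web server */
    printf("uid 80 -> port 80: %d\n", may_bind(80, 80));
    printf("uid 1001 -> port 80: %d\n", may_bind(1001, 80));
    return dump_overrides(stdout) == 1 ? 0 : 1;
}
```

Because the table is state checked on every bind, the decision does not depend on any userland process staying alive, which is the property the inetd scheme lacks.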