Date:      Thu, 27 Mar 1997 06:38:58 -0700 (MST)
From:      Marc Slemko <marcs@znep.com>
To:        "Thomas H. Ptacek" <tqbf@enteract.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Privileged ports...
Message-ID:  <Pine.BSF.3.95.970327063025.13195A-100000@alive.znep.com>
In-Reply-To: <199703261847.MAA28329@enteract.com>

On Wed, 26 Mar 1997, Thomas H. Ptacek wrote:

> > for each low numbered port?  It seems that (modulo configuration being
> > a little painful) this offers the best of both worlds--control over
> > low numbered ports, but anyone can bind to a port with root's
> 
> Not only is inetd's configuration much longer, but if it dies (or, more
> specifically, if an attacker can kill it), your system becomes completely
> insecure. I think it's a bad idea to have security issues rely on the
> survival of userland processes.
> 
> Am I wrong?

I agree completely with you.  It is a very bad thing.  Start with the fact
that, by default, inetd limits services to being called 256 times a minute
and then shuts them off and then move on to more devious ways you could
sometimes sneak in; it is relatively secure by Unix standards but if you
are doing things that way for security it isn't secure enough.

The proper way is to simply make a program (or extend sysctl to deal
nicely with large ranges where you don't want to normally show items that
are set to a particular default but still allow them to be changed) that
handles setting it then add a few lines of code to the kernel to allow you
to set the uid who can bind to each priv'd port.  There are 1764 other
things that it would be useful to be able to set in a similar way,
although many of them can be implemented as sysctl variables right now
without much hassle.
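
The per-port owner table proposed in the message above, as an added example: this is not code from the original e-mail or from FreeBSD. The function names, the fixed 1024-entry table, and the rule that root can always bind are assumptions made for illustration. It sets owners over a range in one call and reports only the non-default entries, as the message suggests a sysctl-style tool should.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

#define PRIV_PORT_MAX      1024  /* ports 0..1023 are the privileged range */
#define PORT_OWNER_DEFAULT 0     /* root, i.e. the traditional behaviour */

/* Hypothetical kernel-side table: the uid allowed to bind each privileged port. */
static uid_t port_owner[PRIV_PORT_MAX];  /* zero-initialised: every port is root's */

/* Only root may change ownership; one call covers a whole range of ports. */
int port_acl_set_range(uid_t caller, int lo, int hi, uid_t owner)
{
    if (caller != 0)
        return EPERM;
    if (lo < 0 || hi >= PRIV_PORT_MAX || lo > hi)
        return EINVAL;
    for (int p = lo; p <= hi; p++)
        port_owner[p] = owner;
    return 0;
}

/* The check a bind() path would make; it lives in the kernel, so it does
 * not depend on inetd or any other userland process staying alive. */
int port_acl_may_bind(uid_t uid, int port)
{
    if (port < 0 || port > 65535)
        return 0;
    if (port >= PRIV_PORT_MAX)
        return 1;                 /* unprivileged ports are open to everyone */
    return uid == 0 || uid == port_owner[port];  /* assumption: root always may */
}

/* Store up to cap ports whose owner differs from the default; return the total. */
size_t port_acl_nondefault(int *ports, size_t cap)
{
    size_t n = 0;
    for (int p = 0; p < PRIV_PORT_MAX; p++)
        if (port_owner[p] != PORT_OWNER_DEFAULT && n++ < cap)
            ports[n - 1] = p;
    return n;
}

int main(void)
{
    port_acl_set_range(0, 80, 80, 1000);  /* constructed sample: uid 1000 owns port 80 */
    printf("uid 1000 -> 80: %d, uid 1001 -> 80: %d\n",
           port_acl_may_bind(1000, 80), port_acl_may_bind(1001, 80));
    return 0;
}
```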



