From owner-freebsd-security  Mon Nov  2 00:00:51 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id AAA27881
          for freebsd-security-outgoing; Mon, 2 Nov 1998 00:00:51 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from burka.rdy.com (burka.rdy.com [205.149.163.30])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA27875
          for <freebsd-security@FreeBSD.ORG>; Mon, 2 Nov 1998 00:00:50 -0800 (PST)
          (envelope-from dima@burka.rdy.com)
Received: (from dima@localhost)
	by burka.rdy.com (8.8.8/RDY&DVV) id AAA26243;
	Mon, 2 Nov 1998 00:00:39 -0800 (PST)
Message-Id: <199811020800.AAA26243@burka.rdy.com>
Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass)
In-Reply-To: <Pine.BSF.4.02.9811020233260.17054-100000@sasami.jurai.net> from "Matthew N. Dodd" at "Nov 2, 1998  2:34:52 am"
To: winter@jurai.net (Matthew N. Dodd)
Date: Mon, 2 Nov 1998 00:00:38 -0800 (PST)
Cc: dima@best.net, jkb@best.com, peter.jeremy@auss2.alcatel.com.au,
        freebsd-security@FreeBSD.ORG
X-Class: Fast
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL45 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Matthew N. Dodd writes:
> On Sun, 1 Nov 1998, Dima Ruban wrote:
> > Let me ask you this. Would you trust a packet that came from
> > non-priviledged port and which wants to do something that even
> > remotely should be secure?
> 
> The concept of 'secure port' is somewhat dated in this age of NT and Linux
> lusers.
> 
> The bar for entry onto the net is quite a bit lower than it was 10 years
> ago.
> 
> Trusting a 'secure port' is a good way to let someone else shoot you in
> the foot.

Heh. I see you run nfs on your machine. Now tell me, do you actually allow
weak NFS authentication, or do you actually somehow relie on a "priviledged
port" stuff?
I'm not arguing about whether it's good or bad to have priviledged ports as
they are now. All I'm saying is if packet came from a priviledged port, then
this packet was send by root. It's a totally different question whether
you can 100% believe this information.

> 
> -- 
> | Matthew N. Dodd  | 78 280Z | 75 164E | 84 245DL | FreeBSD/NetBSD/Sprite/VMS |
> | winter@jurai.net |      This Space For Rent     | ix86,sparc,m68k,pmax,vax  |
> | http://www.jurai.net/~winter | Are you k-rad elite enough for my webpage?   |
> 

-- dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message