From: Mikael Karpberg
Message-Id: <199811021303.OAA24194@ocean.campus.luth.se>
Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass)
In-Reply-To: <199811020832.AAA15786@biggusdiskus.flyingfox.com> from Jim Shankland at "Nov 2, 98 00:32:12 am"
To: jas@flyingfox.com (Jim Shankland)
Date: Mon, 2 Nov 1998 14:03:45 +0100 (CET)
Cc: dima@best.net, freebsd-security@FreeBSD.ORG

According to Jim Shankland:
> dima@best.net (Dima Ruban) writes:
>
> > Let me ask you this. Would you trust a packet that came from
> > non-privileged port and which wants to do something that even
> > remotely should be secure?
>
> No. Same as for a packet that came from a privileged port.
>
> A packet's source port is a pretty weak authenticator, to coin
> an understatement.

Why? I'd say it's a pretty safe way of authentication. Especially as a
first check, before you move on to stronger checks. I'd say you can't
spoof it, since the trusted machines on your net (and you check that
it's a trusted machine first, you know) will not let any user grab such
ports, and you (OF COURSE!!!) have a firewall or router between your net
and the internet that will reject any incoming packets with source
addresses from the inside net. It's all in the environment.

  /Mikael
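
The two layers this message relies on (a border filter for inside source addresses, then a trusted-host and reserved-port check on the server) can be modelled as below. This is an added example, not code from the thread or from any FreeBSD or SSH source; the 192.0.2.0/24 inside net, the trusted host and all function names are constructed for illustration.

```c
#include <netinet/in.h>   /* IPPORT_RESERVED (1024) */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed addressing: 192.0.2.0/24 stands in for "your net". */
#define INSIDE_NET  IP4(192, 0, 2, 0)
#define INSIDE_MASK IP4(255, 255, 255, 0)

enum iface { IF_INSIDE, IF_OUTSIDE };   /* where the border router saw the packet */

/* Border filter: drop packets from the internet claiming an inside source. */
bool border_accepts(enum iface arrived_on, uint32_t src)
{
    bool claims_inside = (src & INSIDE_MASK) == INSIDE_NET;
    return !(arrived_on == IF_OUTSIDE && claims_inside);
}

/* Host-side first check: trusted machine first, then a source port that
 * only root can bind on that machine (below IPPORT_RESERVED). */
bool first_check(uint32_t src, uint16_t sport, const uint32_t *trusted, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (trusted[i] == src)
            return sport < IPPORT_RESERVED;
    return false;
}

/* Both layers; filtered=false models a network with no border filter. */
bool accepted(enum iface arrived_on, uint32_t src, uint16_t sport,
              const uint32_t *trusted, size_t n, bool filtered)
{
    if (filtered && !border_accepts(arrived_on, src))
        return false;
    return first_check(src, sport, trusted, n);
}

int main(void)
{
    const uint32_t t[] = { IP4(192, 0, 2, 10) };   /* constructed trusted host */
    printf("forged inside source, filtered: %d, unfiltered: %d\n",
           accepted(IF_OUTSIDE, t[0], 1023, t, 1, true),
           accepted(IF_OUTSIDE, t[0], 1023, t, 1, false));
    return 0;
}
```

The host-side check returns the same answer in both runs; only the border filter distinguishes them, which is why the port check is only as strong as the network around it.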