Date: Fri, 28 Mar 1997 11:59:12 +0800 (WST) From: Adrian Chadd <adrian@obiwan.aceonline.com.au> To: "Thomas H. Ptacek" <tqbf@enteract.com> Cc: marcs@znep.com, freebsd-security@freebsd.org Subject: Re: Privileged ports... Message-ID: <Pine.BSF.3.95q.970328115548.375C-100000@obiwan.aceonline.com.au> In-Reply-To: <199703271941.NAA23050@enteract.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 27 Mar 1997, Thomas H. Ptacek wrote: [cut] > Why do you want a UID per reserved port? What is this getting you? > Cause if someone breaks into sendmail (for example), in itself they couldn't do anything, but cause they are the same UID as all the other processes bound to priv'ed ports, its "lets-take-over-the-system-daemon" time .. maybe. Basically its so if someone finds a hole in a certain service, than that service would be affected, and not the others.. (Then you could implement nice checks on the process statistics, or something or other, to notice when a different program was started, or the executable was modified..) Can you tell I'm paranoid yet? :) > ---------------- > Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com] > ---------------- > "If you're so special, why aren't you dead?" > > > -- Adrian Chadd | UNIX, MS-DOS and Windows ... <adrian@psinet.net.au> | (also known as the Good, the bad and the | ugly..)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.970328115548.375C-100000>