Date:      Thu, 16 Aug 2001 08:18:35 -0400
From:      "James E. Housley" <jeh@FreeBSD.org>
To:        Maxim Sobolev <sobomax@FreeBSD.org>
Cc:        cjclark@alum.mit.edu, Robert Watson <rwatson@FreeBSD.org>, David Malone <dwmalone@maths.tcd.ie>, Mikhail Teterin <mi@aldan.algebra.com>, alex@big.endian.de, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/etc inetd.conf
Message-ID:  <3B7BBA1B.26E728EE@FreeBSD.org>
References:  <20010815123315.A35365@walton.maths.tcd.ie> <Pine.NEB.3.96L.1010815125441.81642C-100000@fledge.watson.org> <20010816000823.H330@blossom.cjclark.org> <3B7B896F.F0F8F244@FreeBSD.org>

Maxim Sobolev wrote:
> 
> "Crist J. Clark" wrote:
> 
> > When are we just going to give up the now rather silly concept of
> > "privileged ports?" Security on a UNIX platform gets _better_ when
> > non-root processes can open ports <1024. Since no one (except for a
> > limited few people on highly controlled, isolated networks) should
> > ever trust remote machine, using a port <1024 is meaningless to the
> > remote machine. It's also only an UNIX anachronism, and therefore
> > meaningless in a heterogeneous environment.
> >
> > It would be so-o nice to have a sysctl(8) to turn off privileged
> > ports and not have to worry about all of these problems with named(8),
> > syslogd(8), ftpd(8), etc. If I do the work, is anyone going to fight
> > committing it?
> 
> There is another problem with unprivileging ports below 1024 - the local user
> potentially may DoS the service by binding to the same port when the service restarts
> (for example sysadmin restarts it by -HUP signal). I guess it should be relatively
> easy to write an exploit that constantly monitors whether specified port is bound
> or not and immediately binds to it once the port for some reason is free.
> 

One option that might make everyone happy is three values for this new
sysctl.

0 = default
1 = protected
2 = open

Where:

"default" is the current mode, have to be uid=0 to bind to a port < 1024

"protected" is where you have to have a uid<1000, or some set number, to
bind to a port<1024.  In standard installs users' uids seem to start at
either 1000 or 1001; this would let the created uids, i.e. 53 for bind, 88
for mysql, 80 for www, etc., bind to these ports but still offer some
protection from a DoS like Maxim mentions.

"open" is where any uid could bind to a port<1024

Jim

-- 
/"\   ASCII Ribbon Campaign  .
\ / - NO HTML/RTF in e-mail  .
 X  - NO Word docs in e-mail .
/ \ -----------------------------------------------------------------
jeh@FreeBSD.org      http://www.FreeBSD.org     The Power to Serve
jim@TheHousleys.Net  http://www.TheHousleys.net
---------------------------------------------------------------------
The wise man built his network upon Un*x.
    The foolish man built his network upon Windows.
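As an added illustration (not code from this message or from FreeBSD), the three proposed sysctl values can be modelled as a small policy function, and the probe below shows what the running kernel's current policy actually says for a low port. The mode names, the 1000 uid cut-off and the helper names are this example's own assumptions; the message only says "uid<1000, or some set number".

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical encoding of the three values Jim proposes (names are assumed). */
enum privport_mode { PRIVPORT_DEFAULT = 0, PRIVPORT_PROTECTED = 1, PRIVPORT_OPEN = 2 };

#define PRIVPORT_MAX        1024   /* ports below this are "privileged" */
#define PROTECTED_UID_LIMIT 1000   /* "uid<1000, or some set number" (assumed 1000) */

/* Returns 1 if a process running as `uid` may bind `port` under `mode`, else 0.
 * High ports are always allowed; an unknown mode denies, so a misconfigured
 * sysctl value fails closed rather than silently opening the range. */
int may_bind_port(enum privport_mode mode, uid_t uid, unsigned port)
{
    if (port >= PRIVPORT_MAX)
        return 1;
    switch (mode) {
    case PRIVPORT_DEFAULT:   return uid == 0;                    /* root only */
    case PRIVPORT_PROTECTED: return uid < PROTECTED_UID_LIMIT;   /* system uids */
    case PRIVPORT_OPEN:      return 1;                           /* anyone */
    }
    return 0;
}

/* Try to bind a TCP socket to `port` on loopback under the kernel's real policy.
 * Returns 0 on success, otherwise the errno (EACCES is the "privileged port"
 * refusal; EADDRINUSE means something already holds the port). */
int try_bind_low_port(unsigned port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family      = AF_INET;
    sin.sin_port        = htons((uint16_t)port);
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int err = bind(fd, (struct sockaddr *)&sin, sizeof sin) == 0 ? 0 : errno;
    close(fd);
    return err;
}

int main(void)
{
    unsigned port = 53;              /* the named(8) case from the thread */
    uid_t uid = getuid();
    int err = try_bind_low_port(port);
    printf("kernel: uid %u binding port %u -> %s\n", (unsigned)uid, port,
           err == 0 ? "allowed" : strerror(err));
    printf("proposed modes for uid %u, port %u: default=%d protected=%d open=%d\n",
           (unsigned)uid, port,
           may_bind_port(PRIVPORT_DEFAULT, uid, port),
           may_bind_port(PRIVPORT_PROTECTED, uid, port),
           may_bind_port(PRIVPORT_OPEN, uid, port));
    return 0;
}
```

The policy function is what the thread is arguing about: in "protected" mode a daemon's own low uid (53 for bind in Jim's example) can reclaim its port after a restart, while an ordinary user at uid 1001 cannot grab it in the gap, which is the DoS Maxim describes. The live probe's outcome depends on the host rather than on this code: run as root it will succeed anywhere, and later kernels expose their own knobs for this range (net.inet.ip.portrange.reservedhigh on FreeBSD, net.ipv4.ip_unprivileged_port_start on Linux), so EACCES is not guaranteed for a non-root uid.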
