[3865] in linux-net channel archive
Re: Why retain privileged ports?
daemon@ATHENA.MIT.EDU (Stephen C. Tweedie)
Fri Jul 26 08:19:00 1996
Date: Thu, 25 Jul 1996 18:41:53 +0100
From: "Stephen C. Tweedie" <sct@dcs.ed.ac.uk>
To: Boris Tobotras <tobotras@jet.msk.su>
Cc: linux-net@vger.rutgers.edu
In-Reply-To: <m0uj73r-000EpfC@jet.msk.su>
Hi,
On Wed, 24 Jul 1996 13:45:23 -0300, Boris Tobotras
<tobotras@jet.msk.su> said:
> As far as I understand, the concept of having privileged
> TCP/UDP ports opens one of the biggest security holes in the Un*x world. And
> its ability to protect net services from unprivileged access was
> compromised many years ago with the emergence of personal systems
> without any real root account protection.
No, that's not true. The principle of privileged ports is there to
permit security enforcement within a single security domain, not
between security domains. It is a way of protecting the root
processes on one or more systems from the activities of unprivileged
users on those same systems. It is not, and never has been, a way of
protecting against things like packet sniffers or spoofers, or
against new machines popping up on a wire. You need a combination of
physical security and measures such as ssh or Kerberos to get that.
Cheers,
Stephen.
--
Stephen Tweedie <sct@dcs.ed.ac.uk>
Department of Computer Science, Edinburgh University, Scotland.
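
The check that a reserved source port supports, as an added example that is not part of the original message: a server inspects the peer's source port, which on a host where only root may bind ports below 1024 tells it whether a root process opened the connection. `port_is_privileged` and `classify_loopback_client` are hypothetical names, and the verdict means something only when the peer host is in the same security domain, because the port number is asserted by the sender's kernel.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if the address carries a source port below IPPORT_RESERVED (1024). */
static int port_is_privileged(const struct sockaddr_in *sa)
{
    return ntohs(sa->sin_port) < IPPORT_RESERVED;
}

/* Hypothetical demo helper: listen on a loopback port, connect from an
 * ordinary unbound client socket, and return the server's verdict on the
 * peer: 1 = privileged source port, 0 = unprivileged, -1 = socket error. */
int classify_loopback_client(void)
{
    struct sockaddr_in addr, peer;
    socklen_t len = sizeof(addr);
    int verdict = -1, conn = -1;
    int srv = socket(AF_INET, SOCK_STREAM, 0);
    int cli = socket(AF_INET, SOCK_STREAM, 0);

    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                      /* kernel picks a free port */
    if (srv < 0 || cli < 0) goto out;
    if (bind(srv, (struct sockaddr *)&addr, sizeof(addr)) < 0) goto out;
    if (listen(srv, 1) < 0) goto out;
    if (getsockname(srv, (struct sockaddr *)&addr, &len) < 0) goto out;
    if (connect(cli, (struct sockaddr *)&addr, sizeof(addr)) < 0) goto out;
    len = sizeof(peer);
    conn = accept(srv, (struct sockaddr *)&peer, &len);
    if (conn >= 0)
        verdict = port_is_privileged(&peer); /* what an rsh-style server asks */
out:
    if (conn >= 0) close(conn);
    if (cli >= 0) close(cli);
    if (srv >= 0) close(srv);
    return verdict;
}

int main(void)
{
    printf("client source port privileged: %d\n", classify_loopback_client());
    return 0;
}
```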