[3878] in linux-net channel archive
Re: Why retain privileged ports?
daemon@ATHENA.MIT.EDU (Olaf Titz)
Fri Jul 26 20:34:48 1996
Apparently-To: <submit-linux-dev-net@ratatosk.yggdrasil.com>
From: Olaf Titz <olaf@bigred.inka.de>
Date: 26 Jul 1996 12:13:32 +0200
To: ;@unlisted-recipients (no To-header on input)
Boris Tobotras <tobotras@jet.msk.su> wrote:
> As far as I understand, the concept of having privileged TCP/UDP ports
> opens one of the biggest security holes in the Un*x world. And, its ability to

Not by itself but by its mis-use. Go by the fundamental principle
"trust root on your own machine but don't trust root on any other
machine". If you are a user on a multiuser Un*x box, it largely helps
you to know that (e.g.) incoming SMTP is handled by a program that was
started by root, instead of some other user. This is assured by the
privileged port principle.

What does _not_ help, and what really opens up security holes, is to
"know" that a connection comes from "root" on another box. I.e. rlogin
and the like, these are broken as designed.

olaf
--
___ Olaf.Titz@inka.de or @{stud,informatik}.uni-karlsruhe.de ____
__ o <URL:http://www.inka.de/~bigred/> <IRC:praetorius>
__/<_ >> Just as long as the wheels keep on turning round
_)>(_)______________ I will live for the groove 'til the sun goes down << ____
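
The local half of the principle in the message above (a service on a port below 1024 was started by root on your own machine) can be audited on a Linux host. This is an added example, not part of the original post; it assumes the Linux /proc/net/tcp table layout, and SAMPLE and the function names are constructed for illustration.

```python
"""Audit listeners on privileged ports (< 1024) by owning UID.

Parses the Linux /proc/net/tcp table format. SAMPLE below is constructed
for illustration; pass the text of the real file to audit a live host.
"""

PRIVILEGED_LIMIT = 1024   # ports below this are reserved (IPPORT_RESERVED)
TCP_LISTEN = 0x0A         # state code for LISTEN in /proc/net/tcp

# Constructed sample: listeners on 25 (uid 0), 512 (uid 1000) and
# 8080 (uid 1000), plus one established connection from local port 1023.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0200 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1002 1
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003 1
   3: 0100007F:03FF 0100007F:0201 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""


def privileged_listeners(table_text):
    """Return sorted [(port, uid)] for LISTEN sockets below PRIVILEGED_LIMIT."""
    found = []
    for line in table_text.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue                                # blank or truncated row
        port = int(fields[1].rsplit(":", 1)[1], 16)  # local_address is HEXIP:HEXPORT
        state = int(fields[3], 16)
        uid = int(fields[7])                        # UID that owns the socket
        if state == TCP_LISTEN and port < PRIVILEGED_LIMIT:
            found.append((port, uid))
    return sorted(found)


def non_root_privileged(table_text):
    """Reserved-port listeners whose socket is not owned by UID 0."""
    return [(p, u) for p, u in privileged_listeners(table_text) if u != 0]


if __name__ == "__main__":
    for port, uid in privileged_listeners(SAMPLE):
        verdict = "root-owned" if uid == 0 else "NOT root-owned"
        print(f"port {port}: uid {uid} ({verdict})")
```

A non-root entry means the started-by-root guarantee does not hold for that port on this host (for example because of CAP_NET_BIND_SERVICE or a lowered net.ipv4.ip_unprivileged_port_start). The check covers local sockets only and says nothing about who is behind a remote source port.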