[923] in bugtraq
Re: Request for discussion.
daemon@ATHENA.MIT.EDU (Karl Strickland)
Mon Feb 6 23:16:22 1995
From: Karl Strickland <karl@bagpuss.demon.co.uk>
To: Timothy Newsham <newsham@aloha.net>
Date: Tue, 7 Feb 1995 02:46:44 +0000 (GMT)
Cc: dawagner@phoenix.Princeton.EDU, bugtraq@fc.net
In-Reply-To: <m0rbaG8-000a1kC@hookomo> from "Timothy Newsham" at Feb 6, 95 10:42:08 am
> > > - run network daemons with lower privileges.
> > > discussion: Why are so many net daemons run as root?
> >
> > I speculate because they want to bind to privileged ports.
> > [Yes, I know that's not a good reason.]
>
> Telnetd runs as root. I haven't gone in and looked at it yet
> but some things it doesn't need root for are:
>
> (1) Binding to port 23 - inetd does that.

True

> (2) Setting the user's id - login does that.

By the same token, many people don't run /bin/login suid root. So in this
instance, you're just swapping one privileged program for another? Is
login better to have running as root than telnetd? I can think of more
published holes in login.

Also what about changing ownership/permissions of your pty (on BSD-based
pty systems) on login/logout, and writing wtmp records on logout?

------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD | Karl Strickland
PGP 2.3a Public Key Available. | Internet: karl@bagpuss.demon.co.uk
|