Subject: Re: building a userland interface to a kernel structure
To: None <current-users@netbsd.org>
From: Greg A. Woods <woods@most.weird.com>
List: current-users
Date: 01/13/1999 12:34:35
[ On Tue, January 12, 1999 at 23:45:18 (-0800), dustin sallings wrote: ]
> Subject: Re: building a userland interface to a kernel structure
>
> On Wed, 13 Jan 1999, Greg A. Woods wrote:
> 
> // Of course you may find it easier in your application to just turn
> // off reserved ports completely (and disable any applications that put
> // any trust in such things).
> 
> 	Like my mail system and web server?  It's trivial to get sendmail
> to free its binding to port 25, and if some random user does that on my
> shell machine and suddenly decides that *he's* the mail server now,
> that'll be a problem for me.  Same for the web server, or ssh, etc...

Well, I wouldn't be running a mailer or a web server or any other kind
of server on a machine that's got random users running amok on it.  If
they manage to shut down sshd, well then they'll have to crack root too
before they can trojan it with a valid private host key....

However on a fully configured Unix system which runs all kinds of
services *and* has random shell users, etc., you probably do not want to
ever give non-root users the ability to bind to ports < 1024 since this
opens up far too many covert channels and opportunities for trojan
services, etc.

In any case how you control these kinds of things is very specific to
the requirements and design of each unique environment.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
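
Added example (not part of the original message and not NetBSD code): a small C check an administrator can run as an ordinary user to confirm that the kernel still refuses binds to ports < 1024, the restriction discussed above. The function names and the three sample port numbers are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

enum verdict { ENFORCED, NOT_ENFORCED, INCONCLUSIVE };

/* Interpret one bind() attempt on a port < 1024 made by user `uid`. */
enum verdict classify(uid_t uid, int bind_rc, int err)
{
    if (uid == 0)
        return INCONCLUSIVE;   /* root is always allowed; proves nothing */
    if (bind_rc == 0)
        return NOT_ENFORCED;   /* unprivileged bind to a reserved port worked */
    if (err == EACCES)
        return ENFORCED;       /* kernel refused on privilege grounds */
    return INCONCLUSIVE;       /* e.g. EADDRINUSE: try another port */
}

/* Try one loopback TCP bind to `port`; the socket is closed immediately. */
enum verdict probe_port(unsigned short port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return INCONCLUSIVE;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int rc = bind(fd, (struct sockaddr *)&sa, sizeof sa);
    int err = errno;           /* only meaningful when rc != 0 */
    close(fd);
    return classify(geteuid(), rc, err);
}

/* Walk a few sample ports (constructed list) until one gives a clear answer. */
enum verdict probe_reserved_ports(void)
{
    static const unsigned short ports[] = { 1023, 1001, 777 };
    for (size_t i = 0; i < sizeof ports / sizeof ports[0]; i++) {
        enum verdict v = probe_port(ports[i]);
        if (v != INCONCLUSIVE)
            return v;
    }
    return INCONCLUSIVE;
}

int main(void)
{
    static const char *names[] = { "enforced", "NOT enforced", "inconclusive" };
    printf("reserved-port restriction: %s\n", names[probe_reserved_ports()]);
}
```

Run it from an unprivileged account; a "NOT enforced" result means that account can stand in for any service normally bound below 1024.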