Subject: Re: $HOSTALIASES thing.
To: matthew green <email@example.com>
From: Robert Elz <kre@munnari.OZ.AU>
Date: 11/04/2000 13:15:55
Date: Sat, 04 Nov 2000 12:59:32 +1100
From: matthew green <firstname.lastname@example.org>
| actually, more and more of my machines are running with NOIPPRIVPORTS
| because i don't believe in any of the "security" associated with priv ports
If you're thinking of the security associated with priv ports as being
"that connection came from port 513, hence I really can trust that the
user is who he claims to be, because that kernel wouldn't lie to me"
then you're right, that's bogus.
But the other kind of security associated with priv ports is completely
valid and workable, that's the one that stops (pseudo-code)
	s = socket();
	sa.s_port = htons(23);
	sa.s_addr = IN_ADDR_ANY;
so any random user can start their own telnet server on the box. Of course,
on a firewall, you don't have random users, and you tightly control the
applications, so there it really doesn't matter - but in general, priv ports
are still definitely a needed thing.
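
[Added example, not part of the original message or of any NetBSD source.] A small check of the second kind of protection described above: it tries to bind the ports named in the message (23 and 513) as the current user and reports what the kernel allows. The function names, the loopback-only bind and port 8023 are assumptions made for this illustration. For a non-root user, "denied" means the privileged-port check is enforced, and "bindable" means it is disabled or the process is privileged.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

enum bind_result { BIND_OK, BIND_DENIED, BIND_IN_USE, BIND_ERROR };

/* Map the errno left by bind() to what it says about the port policy. */
enum bind_result classify_bind_errno(int err)
{
    switch (err) {
    case 0:          return BIND_OK;      /* kernel let this user have the port */
    case EACCES:     return BIND_DENIED;  /* privileged-port check refused it */
    case EADDRINUSE: return BIND_IN_USE;  /* a listener owns it; no policy signal */
    default:         return BIND_ERROR;
    }
}

/* Bind a TCP socket to 127.0.0.1:port (loopback is this example's choice,
 * the message's pseudo-code uses the wildcard address), then close it. */
enum bind_result try_bind(unsigned short port)
{
    struct sockaddr_in sa;
    int s, err = 0;

    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0)
        return BIND_ERROR;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(s, (struct sockaddr *)&sa, sizeof(sa)) < 0)
        err = errno;
    close(s);
    return classify_bind_errno(err);
}

int main(void)
{
    static const char *names[] = { "bindable", "denied (EACCES)", "already in use", "error" };
    unsigned short ports[] = { 23, 513, 8023 };  /* 8023: arbitrary port above 1023 */
    for (size_t i = 0; i < sizeof(ports) / sizeof(ports[0]); i++)
        printf("uid %ld, port %u: %s\n", (long)getuid(), (unsigned)ports[i], names[try_bind(ports[i])]);
    return 0;
}
```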