Subject: Re: $HOSTALIASES thing.
To: Robert Elz <kre@munnari.OZ.AU>
From: Andrew Brown <>
List: tech-kern
Date: 11/04/2000 01:24:44
>But the other kind of security associated with priv ports is completely
>valid and workable, that's the one that stops (pseudo-code)
>	s = socket();
>	sa.s_port = htons(23);
>	sa.s_addr = IN_ADDR_ANY;
>	bind(s, &sa);
>	listen(s);
>so any random user can start their own telnet server on the box.   Of course,
>on a firewall, you don't have random users, and you tightly control the
>applications, so there it really doesn't matter - but in general, priv ports
>are still definitely a needed thing.

that isn't so much the problem, but that joe user can do

	s = socket();
	sa.s_port = htons(23);
	sa.s_addr = <your_ip_address>;
	bind(s, &sa);

and catch all inbound telnet attempts since inetd only listens on
IN_ADDR_ANY.  that's bad, and, for example, *anyone* can do that to
your x server since it listens on *.6000.

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."