Re: Is this mail list dead?
Tracy R Reed wrote:
> Is there really any reason to require programs to be run as root to bind
> to ports <1024 anymore? I was just discussing this with some friends after
> the regular LUG meeting at Denny's the other day. That's where the best
> LUG conversation happens. :) There used to be a good reason for it but
> nowadays it seems like an unnecessary liability. Fixing this is probably a
> very simple little patch.

How else would you (say) enforce that only the Duly Authorized Mailserver is
the one listening to example.com:25 ? If anyone can bind to port 25, then
anyone can kick the authorized mail server over (go find some DoS) and start
your own mail server. Repeat as necessary for various other important
services that bind to well-known ports <1024.

Did your Denny's study group :-) have a solution to this problem? NT doesn't
enforce this restriction, but NT sucks anyway :-)

Crispin
--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
-
Securedistros: A common list for all secured Linux distributions
Archive: http://humbolt.nl.linux.org/lists/
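
Added example, not part of the original message: because binding to ports <1024 requires root, the owning UID of each listener on those ports can be audited against an allow list. The sketch below parses text in /proc/net/tcp format and flags listeners whose UID is not authorized; the sample data, function names and allow-list shape are assumptions made for illustration.

```python
import socket
import struct

PRIVILEGED_PORT_LIMIT = 1024   # ports below this need root to bind
TCP_LISTEN = "0A"              # LISTEN state code in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20101 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 20102 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 20103 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:0019 1400000A:C001 01 00000000:00000000 00:00000000 00000000     0        0 20104 1 0000000000000000 100 0 0 10 0
"""


def parse_listeners(proc_net_tcp):
    """Return (ip, port, uid) for every IPv4 socket in LISTEN state."""
    listeners = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue                                # established, closing, etc.
        ip_hex, port_hex = fields[1].split(":")
        # The address is a host-order 32-bit hex word (little-endian assumed).
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        listeners.append((ip, int(port_hex, 16), int(fields[7])))
    return listeners


def unexpected_privileged_listeners(proc_net_tcp, allowed_uids):
    """Flag listeners on ports < 1024 whose owning UID is not authorized.

    allowed_uids maps port -> set of UIDs; unlisted ports default to root only.
    """
    findings = []
    for ip, port, uid in parse_listeners(proc_net_tcp):
        if port < PRIVILEGED_PORT_LIMIT and uid not in allowed_uids.get(port, {0}):
            findings.append((ip, port, uid))
    return findings


if __name__ == "__main__":
    for ip, port, uid in unexpected_privileged_listeners(SAMPLE, {25: {0}}):
        print(f"unexpected owner uid={uid} listening on {ip}:{port}")
```

On a live Linux host the same functions can be fed the contents of /proc/net/tcp instead of the constructed sample.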