
Re: Is this mail list dead?



On Mon, Mar 12, 2001 at 09:07:41PM -0800, Crispin Cowan wrote:
> Tracy R Reed wrote:
> 
> > Is there really any reason to require programs to be run as root to bind
> > to ports <1024 anymore? I was just discussing this with some friends after
> > the regular LUG meeting at Denny's the other day. That's where the best
> > LUG conversation happens. :) There used to be a good reason for it but
> > nowadays it seems like an unnecessary liability. Fixing this is probably a
> > very simple little patch.

> How else would you (say) enforce that only the Duly Authorized Mailserver is
> the one listening to example.com:25 ?  If anyone can bind to port 25, then
> anyone can kick the authorized mail server over (go find some DoS) and start
> your own mail server.  Repeat as necessary for various other important
> services that bind to well-known ports <1024.

	Capabilities specifically enabling an application to bind to
a specific port?

> Did your Denny's study group :-) have a solution to this problem?  NT doesn't
> enforce this restriction, but NT sucks anyway :-)

> Crispin

> --
> Crispin Cowan, Ph.D.
> Chief Research Scientist, WireX Communications, Inc. http://wirex.com
> Free Hardened Linux Distribution:                    http://immunix.org

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/
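
Added example, not part of the original thread: a C model contrasting Linux's CAP_NET_BIND_SERVICE, which covers every port below 1024, with the per-port grant suggested in the reply above. The `port_grant` table, the uids and the sample status text are constructed assumptions; per-port grants are hypothetical and not a Linux kernel feature.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PROT_SOCK 1024           /* first unprivileged port on Linux */
#define CAP_NET_BIND_SERVICE 10  /* bit number in <linux/capability.h> */

/* Pull the effective capability mask out of /proc/<pid>/status text.
 * Returns 0 on success, -1 when no well-formed CapEff field exists. */
int parse_capeff(const char *status, uint64_t *mask)
{
    const char *p = strstr(status, "CapEff:");
    char *end;
    if (!p) return -1;
    *mask = strtoull(p + 7, &end, 16);   /* skips the tab, reads hex */
    return end == p + 7 ? -1 : 0;
}

/* Policy 1: the Linux rule. One capability unlocks every port below 1024. */
int may_bind_cap(uint64_t capeff, unsigned port)
{
    return port >= PROT_SOCK || ((capeff >> CAP_NET_BIND_SERVICE) & 1);
}

/* Policy 2 (hypothetical): a grant names the one low port a uid may bind,
 * which is the per-port idea raised in the reply. */
struct port_grant { unsigned uid; unsigned port; };
int may_bind_grant(const struct port_grant *g, size_t n, unsigned uid, unsigned port)
{
    if (port >= PROT_SOCK) return 1;
    for (size_t i = 0; i < n; i++)
        if (g[i].uid == uid && g[i].port == port) return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample: a web server holding only CAP_NET_BIND_SERVICE. */
    const char *status = "Name:\thttpd\nCapEff:\t0000000000000400\n";
    const struct port_grant grants[] = { {33, 80}, {8, 25} };  /* constructed uids */
    uint64_t capeff = 0;
    if (parse_capeff(status, &capeff) != 0) return 1;
    printf("capability: port 80 -> %d, port 25 -> %d\n",
           may_bind_cap(capeff, 80), may_bind_cap(capeff, 25));
    printf("grant:      port 80 -> %d, port 25 -> %d\n",
           may_bind_grant(grants, 2, 33, 80), may_bind_grant(grants, 2, 33, 25));
    return 0;
}
```

Under the capability rule the web server process is also allowed on port 25; under the per-port grant only the uid granted port 25 is.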