Bugtraq mailing list archives
Re: ftpd: the advisory version
From: smb () RESEARCH ATT COM (Steven M. Bellovin)
Date: Wed, 5 Jul 2000 20:46:34 -0400
In message <200007021934.MAA01251@lart>, Tom Perrine writes: ...
However, the port-1024 thing must be laid directly at the feet of the Berkeley folks. That ports<1024 must be "trusted" (for various values of "trust") was a hack they put in so that they could delegate responsibility for authentication and other things to the client-side host in the notorious "r-command" protocols. "Of course we can trust this unencrypted, unverified data; it came from a host somewhere that was probably running UNIX, and from a low-numbered port, therefore it was running as root, and therefore should be trusted completely, no additional authentication required."
...
To be slightly less inflammatory, they (Berkeley) were quite correct in their port 1024 hack, based on their assumptions:
No, they weren't, and they knew it. Dragging out my ancient 4.2bsd manual:
"The authentication procedure used here assumes the integrity of each client machine and the connecting medium. This is insecure, but is useful in an "open" environment.
"A facility to allow all data exchanges to be encrypted should be present."
They used the word "insecure", not me...