Firewall Wizards mailing list archives
Ports and privileges
From: Chris Pugrud <ChrisP () steldyn com>
Date: Fri, 20 Feb 1998 13:17:47 -0700
I know that _one_ of the primary reasons for all of the workarounds in doing suid and chroot is because many of these programs need to run as root (yes, chroot has many other uses). Why do they need to run as root? The primary reason seems to be so that they can open privileged ports.

How hard would it be to modify the stack (say Linux) so that I can run an unprivileged program on a low port (say 80)? Why would this be a bad thing? I understand the original concept, to keep users from running programs on privileged ports, but firewalls don't have users. Is there another logical reason that this step is not taken?

Why can't I have a compile time option of "Disable privileged port restrictions"? Or is this coded so deeply in the system that it would just be a nightmare? Is the privileged port concept just a fuzzy glossover for some hidden primary issue that I don't want unprivileged uids running on "privileged" ports on a firewall?

I know I am not the first person to follow this logic chain. What I want to know is why isn't it being done.

Thoughts,
Chris