Firewall Wizards mailing list archives
Re: Ports and privileges
From: mcnabb () argus-systems com (Paul McNabb)
Date: Mon, 23 Feb 1998 08:17:58 -0600
The separation of "root" into multiple small privileges is exactly what is done on many of the trusted operating systems. When using one of these systems as your webserver or firewall base, you avoid many of the problems experienced with less secure operating systems.

paul
From: Chris Pugrud <ChrisP () steldyn com>

I know that _one_ of the primary reasons for all of the workarounds in doing suid and chroot is because many of these programs need to run as root (yes, chroot has many other uses). Why do they need to run as root? The primary reason seems to be so that they can open privileged ports.

How hard would it be to modify the stack (say Linux) so that I can run an unprivileged program on a low port (say 80)? Why would this be a bad thing? I understand the original concept, to keep users from running programs on privileged ports, but firewalls don't have users. Is there another logical reason that this step is not taken? Why can't I have a compile time option of "Disable privileged port restrictions?" Or is this coded so deeply in the system that it would just be a nightmare?

Is the privileged port concept just a fuzzy glossover for some hidden primary issue that I don't want unprivileged uid's running on "privileged" ports on a firewall?

I know I am not the first person to follow this logic chain. What I want to know is why isn't it being done.
---------------------------------------------------------
Paul McNabb                    Argus Systems Group, Inc.
Vice President and CTO         1809 Woodfield Drive
mcnabb () argus-systems com    Savoy, IL 61874 USA
TEL 217-355-6308
FAX 217-355-1433
"Securing the Future"
---------------------------------------------------------
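Added example, not part of the original messages: an audit check for the idea discussed above, using Linux capabilities as one implementation of splitting root into small privileges (an assumption for illustration; the thread does not name them). It reads the `CapEff` mask from `/proc/<pid>/status` text and reports whether a daemon holds only the low-port bind privilege or carries other root powers as well; the sample status texts are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_NET_BIND_SERVICE_BIT 10 /* bit number from <linux/capability.h> */

enum cap_verdict { CAP_PARSE_ERROR = -1, CAP_NO_BIND, CAP_BIND_ONLY, CAP_BIND_PLUS_OTHERS };

/* Find the "CapEff:" line in /proc/<pid>/status text and decode its hex mask. */
static int parse_cap_eff(const char *status, unsigned long long *mask)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            const char *v = p + 7;
            char *end;
            while (*v == ' ' || *v == '\t') v++;
            if (!isxdigit((unsigned char)*v)) return -1; /* empty or malformed value */
            errno = 0;
            *mask = strtoull(v, &end, 16);
            return errno ? -1 : 0;
        }
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p) p++;
    }
    return -1; /* no CapEff line present */
}

/* Classify a process by how much privilege accompanies its ability to bind ports below 1024. */
enum cap_verdict classify_caps(const char *status)
{
    unsigned long long mask, bind = 1ULL << CAP_NET_BIND_SERVICE_BIT;
    if (parse_cap_eff(status, &mask) != 0) return CAP_PARSE_ERROR;
    if (!(mask & bind)) return CAP_NO_BIND;
    return (mask & ~bind) ? CAP_BIND_PLUS_OTHERS : CAP_BIND_ONLY;
}

/* Constructed samples: a root daemon, a daemon granted only the bind privilege, a plain user. */
static const char SAMPLE_ROOT[]  = "Name:\thttpd\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n";
static const char SAMPLE_LEAST[] = "Name:\thttpd\nUid:\t33\t33\t33\t33\nCapEff:\t0000000000000400\n";
static const char SAMPLE_USER[]  = "Name:\thttpd\nUid:\t33\t33\t33\t33\nCapEff:\t0000000000000000\n";

int main(void)
{
    printf("root=%d least=%d user=%d\n", classify_caps(SAMPLE_ROOT),
           classify_caps(SAMPLE_LEAST), classify_caps(SAMPLE_USER));
    return 0;
}
```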