Vulnerability Development mailing list archives

Re: Ports 0-1023?


From: "Juan M. Courcoul" <courcoul () campus qro itesm mx>
Date: Thu, 04 Jul 2002 12:59:39 -0500

Blue Boar wrote:

> Is there any point in needing to be root in order to allocate the low ports on unix-like systems, anymore?


Like most things TCP/IP, the 1023 limit is a leftover from a carefree, trustworthy and long-ago era. Security-wise and considering the current state of hack technology, it is merely a minor nuisance; i.e., a non-issue.

However, 99.99% of computer users, at all levels, are not devious social miscreants hell-bent on DoSsing Yahoo, and the 1023 limit serves, IMHO, as a warning bell preventing unwitting and unknowing users from trampling over their vital services whose well-known ports have been assigned "below the line" for this reason. Implementation-wise, I think this is a cheaper and easier way to accomplish that than with alternatives like port ACLs or the like, which will be by their very nature over-the-top for most newbies.

Beware that the Linux revolution on one hand and Apple's MacOS X on the other will be ushering in a whole new and hopefully abundant crowd of inexperienced Unix users, many of whom have absolutely no interest or desire in exploring the finer points of system administration; they just "want to get the job done", even though they may screw up the rest of the network in their blissful ignorance. And we all know that many if not most default, out-of-the-box system configurations are a security nightmare and a hacker's paradise, and will remain so during the entire lifecycle of the machine.

J. Courcoul



