Vulnerability Development mailing list archives

RE: Ports 0-1023?


From: Michal Zalewski <lcamtuf () coredump cx>
Date: Thu, 4 Jul 2002 14:22:55 -0400 (EDT)

On Thu, 4 Jul 2002, Amanda Jones wrote:

> If your firewall can do port forwarding then you can easily do this
> yourself for most services. Just have the firewall forward port 25 to
> say 2025 and let sendmail run on 2025.

Yes, but your MTA process most likely still needs root privileges to
expand certain aliases, read .forward files, perhaps access user-owned
maildirs / mailboxes.

If your MTA is modular, at best you can run the listener part as a non-root
user, but it isn't the most vulnerable piece of code anyway - message
parsing, address expansion, actual delivery are the most risky operations.

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/

