Vulnerability Development mailing list archives

Re: Ports 0-1023?

From: Sebastian Krahmer <krahmer () suse de>
Date: Fri, 5 Jul 2002 11:02:31 +0200 (CEST)

On Thu, 4 Jul 2002, Michal Zalewski wrote:

Hi,

On Thu, 4 Jul 2002, Blue Boar wrote:

Is there any point in needing to be root in order to allocate the low ports
on unix-like systems, anymore?


As long as you keep the old privilege model, of course. You don't want
your users to bind port 25 when Sendmail goes down for a short while
(actually, you can induce it pretty easily in certain configurations).

Thats not even needed. A very nice trick is to bind
to a more specific address if sendmail or apache
binds to INADDR_ANY. Then one should bind to the real
IP and wait what is coming ;-)

regards,
Sebastian

-- 
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team
~

Current thread:

Re: Ports 0-1023?, (continued)
- - Re: Ports 0-1023? Michal Zalewski (Jul 04)
- Re: Ports 0-1023? Nate Amsden (Jul 04)
- Re: Ports 0-1023? gminick (Jul 04)
- Re: Ports 0-1023? Brian Hatch (Jul 04)
  - Re: Ports 0-1023? Kent Crispin (Jul 04)
- Re: Ports 0-1023? David Schwartz (Jul 04)
- RE: Ports 0-1023? Amanda Jones (Jul 04)
  - RE: Ports 0-1023? Michal Zalewski (Jul 04)
- Re: Ports 0-1023? Dan Kaminsky (Jul 04)
- Re: Ports 0-1023? Michal Zalewski (Jul 04)
  - Re: Ports 0-1023? Sebastian Krahmer (Jul 05)
- Re: Ports 0-1023? robbe (Jul 04)
- Re: Ports 0-1023? Dave Aitel (Jul 04)
  - Re: Ports 0-1023? Michal Zalewski (Jul 04)
  - Re: Ports 0-1023? hicks (Jul 04)
- Re: Ports 0-1023? Juan M. Courcoul (Jul 04)
- Re: Ports 0-1023? Mark Ruth (Jul 04)
  - Re: Ports 0-1023? Bruno Morisson (Jul 04)
    - Re: Ports 0-1023? gminick (Jul 04)
    - Re: Ports 0-1023? Bruno Morisson (Jul 04)
    - Re: Ports 0-1023? gminick (Jul 05)

(Thread continues...)