Hosting Provided By

priviledges ports, was Re: spamd

From: Peter Galbavy <peter.galbavy(at)knowtion.net>
Date: Thu Jan 30 2003 - 04:48:00 EST

> it has to bind before privilege drop if it binds to a privileged port,
aka a
> port < 1024. spamd can and should listen on a port >= 1024, e. g.
8025.

This may be heresy, but the issue of ports < 1024 being priviledged is 'old' and has been somewhat overshadowed by the fact that for the past 10 years, almost anyone can have their own box to admin, and you can open ports wherever - its just the ports on machiners where you don't have admin privs that matter.

Would there be any mileage in removing the underlying restriction, making some code able to run without any special privs at all, and putting the control of 'who' can bind to 'what' in external rules, PF or systrace for example ?

Peter Received on Thu Jan 30 04:49:26 2003

This message: [ Message body ]
Next message: Theo de Raadt: "Re: priviledges ports, was Re: spamd"
Previous message: Abdul Rehman Gani: "Re: recent security changes in openbsd"
In reply to Henning Brauer: "Re: spamd"
Next in thread: Theo de Raadt: "Re: priviledges ports, was Re: spamd"
Reply: Theo de Raadt: "Re: priviledges ports, was Re: spamd"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:48:29 EDT