DragonFly BSD
DragonFly kernel List (threaded) for 2004-07

Re: modify kernel to accept listen <1023 not uid=0 ?


From: Ed <df@xxxxxx>
Date: Sat, 31 Jul 2004 09:46:19 +0200

On Saturday 31 July 2004 09:27, rmkml wrote:
> BSD not accept listen <1023


Bad idea!


This will permit _any_ user on your box to simulate that service.

Example:

1) john.doe@ logs in

2) he crashes your POP3 daemon (port 110)

3) he launches his own POP3 daemon that will sniff every user/pwd

The same thing could happen for every daemon that doesn't need root privileges to 
bind that port. However, if you use a packet filter you could avoid this 
by using the user/group keyword for every service.


	Ed
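
Added example, not part of the original message: a host-side check for the scenario above, flagging any listener on a port below 1024 that is owned by an account other than the one expected for that service. The allow-list and the sample input (laid out like `sockstat -4l` output) are constructed assumptions.

```python
# Added example: audit which account owns each listener on a low port.

# Hypothetical allow-list: port -> account expected to own the listener.
EXPECTED_OWNER = {22: "root", 25: "root", 110: "root"}

# Constructed sample, modelled on the column layout of `sockstat -4l`.
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       612   3  tcp4   *:22                  *:*
root     sendmail   701   4  tcp4   *:25                  *:*
john     pop3d      4412  5  tcp4   *:110                 *:*
www      httpd      880   16 tcp4   *:8080                *:*
john     nc         4420  3  tcp4   192.0.2.10:143        *:*
"""


def parse_listeners(text):
    """Yield (user, command, pid, port) for each TCP/UDP socket row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "USER":
            continue  # header or malformed row
        user, command, pid, _fd, proto, local = fields[:6]
        if not proto.startswith(("tcp", "udp")):
            continue
        # The port is whatever follows the last ':' (also works for IPv6).
        port = local.rsplit(":", 1)[-1]
        if port.isdigit() and pid.isdigit():
            yield user, command, int(pid), int(port)


def audit(text, expected=EXPECTED_OWNER, limit=1024):
    """Return findings for low-port listeners with an unexpected owner."""
    findings = []
    for user, command, pid, port in parse_listeners(text):
        if port >= limit:
            continue  # only the traditionally reserved range is audited
        want = expected.get(port)
        if want is None:
            findings.append((port, user, command, pid, "unexpected listener"))
        elif user != want:
            findings.append((port, user, command, pid, f"owner is not {want}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
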



