DragonFly BSD
DragonFly kernel List (threaded) for 2004-07

Re: modify kernel to accept listen <1023 not uid=0 ?


From: rmkml <rmkml@xxxxxxxxxx>
Date: Sat, 31 Jul 2004 11:53:36 +0200

ok,

Your view uses accounts on the BSD host, but you don't have root access: ok.

But look, if you have root access?

(BSD dedicated to one task: web / ftp / ... but not accepting connections on user accounts, like ssh)

Regards

Rmkml@xxxxxxxxxx



Ed wrote:

> On Saturday 31 July 2004 09:27, rmkml wrote:
> > BSD not accept listen <1023
>
> Bad idea!
>
> This will permit _any_ user on your box to simulate that service.
>
> Example:
>
> 1) john.doe@ logs in
>
> 2) he crashes your POP3 daemon (port 110)
>
> 3) he launches his own POP3 daemon that will sniff every user/pwd
>
> Same thing could happen for every daemon that doesn't need root privileges to
> bind that port. However, if you use a packet filter you could avoid this
> using the user/group keyword for every service.
>
>         Ed
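
The packet-filter restriction Ed mentions, sketched as an added example that is not part of the original thread. It assumes pf.conf syntax (the thread does not name a filter), and the account name `_pop3` is hypothetical.

```pf
# Added illustration in pf.conf syntax (an assumption; the thread names no filter).
# _pop3 is a hypothetical unprivileged account that runs the real POP3 daemon.

# Default: refuse inbound POP3, whichever local user owns the listening socket.
block in proto tcp from any to any port 110

# The last matching rule wins: allow the connection only when the listening
# socket on port 110 is owned by the dedicated service account.
pass in proto tcp from any to any port 110 user _pop3

# pf records the owner when the socket is created, so a daemon that binds as
# root and then drops privileges has to be matched with "user root" instead.
```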
