DragonFly kernel List (threaded) for 2004-07
Re: modify kernel to accept listen <1023 not uid=0 ?
On Saturday 31 July 2004 09:27, rmkml wrote:
> BSD not accept listen <1023
Bad idea!
This will permit _any_ user on your box to simulate that service.
Example:
1) john.doe@ logs in
2) he crashes your POP3 daemon (port 110)
3) he launches his own POP3 daemon that will sniff every user/pwd
The same thing could happen for every daemon that doesn't need root privileges to
bind that port. However, if you use a packet filter you could avoid this
using the user/group keyword for every service.
Ed
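
Added example, not part of the original message: a small audit that compares the owner of each listening socket on a port below 1024 with the account that service is expected to run as, which is the per-service user check the reply describes, done as detection rather than in the packet filter. The policy table, the "popd" account and the sockstat-style sample lines are assumptions constructed for illustration.

```python
import re

# Assumed policy (not from the original post): port -> accounts allowed to listen.
# "popd" is a hypothetical service account.
EXPECTED_OWNERS = {22: {"root"}, 25: {"root"}, 110: {"root", "popd"}}

# Constructed sockstat-style output: USER COMMAND PID FD PROTO LOCAL FOREIGN
SAMPLE_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       612   3  tcp4   *:22                  *:*
root     sendmail   701   4  tcp4   127.0.0.1:25          *:*
john     fakepop    4123  3  tcp4   *:110                 *:*
john     irssi      4200  5  tcp4   *:6667                *:*
www      httpd      811   3  tcp4   *:80                  *:*
"""

LINE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<cmd>\S+)\s+(?P<pid>\d+)\s+\d+\s+"
    r"(?P<proto>tcp[46]?|udp[46]?)\s+(?P<local>\S+)\s+\S+\s*$"
)

def parse_listeners(text):
    """Yield (user, command, pid, port) for each parsable socket line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or unrecognised line
        port = m.group("local").rsplit(":", 1)[-1]
        if port.isdigit():
            yield m.group("user"), m.group("cmd"), int(m.group("pid")), int(port)

def audit_low_ports(text, policy=EXPECTED_OWNERS, limit=1024):
    """Return low-port listeners that are not owned by an expected account."""
    findings = []
    for user, cmd, pid, port in parse_listeners(text):
        if port >= limit:
            continue  # only the formerly privileged range is audited
        allowed = policy.get(port)
        if allowed is None:
            findings.append((port, user, cmd, pid, "no policy for port"))
        elif user not in allowed:
            findings.append((port, user, cmd, pid, "unexpected owner"))
    return findings

if __name__ == "__main__":
    for finding in audit_low_ports(SAMPLE_SOCKSTAT):
        print("port %d owned by %s (%s, pid %d): %s" % finding)
```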