Re: Got root?

To: debian-security@lists.debian.org
Subject: Re: Got root?
From: John Bloodworth <"sgl\\jbloodworth\\john_bloodworth"@120.103.1.1>
Date: Tue, 01 May 2001 07:29:41 -0700
Message-id: <5.1.0.14.2.20010501072414.009ea630@120.103.1.1>
In-reply-to: <01042907190600.00703@kiwi>

At 07:19 AM 4/29/01 -0400, you wrote:

Hi

I know that this might sound like a stupid question, but its one that has
been bugging me.

Why does UNIX continue to give root access to all deamons below port 1024?

I know that UNIX does it so that normal users can't seem like legit and
important services, but there surely must be some better way of delegating a
port below 1024 to a deamon.

A while ago, I remember reading on slashdot about how TrustedBSD and OpenBSD
were different from each other.  One of the differences was the fact that
TrustedBSD used ACLs to give acccess to whatever for whomever.  Couldn't you
essentially do the same for ports?  (Instead of giving access to files, you
would give acces to ports)

It would be like having a file called /etc/acl.ports (or something) and
within the file, would be a list which binaries are allowed to bind to what
ports.  (an example is provided below)

# /etc/acl.ports


>>>SNIP<<<

I dont know if this is along the lines of what you wanted but take a ganderand this site.

http://www.nsa.gov/selinux/index.html
or the se-linux faq at
http://www.nsa.gov/selinux/faq.html

I am yet to try the NSA patch but at the very least it is it is interestingreading.


John W. Bloodworth
Senior linux support technician

 This answer was provided by the
 Sutherland Support Center.
 We provide solutions for most of your
 Linux needs.

(800) 431-3787

Reply to:

Prev by Date: Re: Got root?
Next by Date: IP_MASQ:reverse ICMP: failed checksum from x.x.x.x!
Previous by thread: Re: Got root?
Next by thread: Re: Got root?
Index(es):
- Date
- Thread