Re: Is starting a user program on priv port via inetd dangerous ?

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Joe Hentzel: "Re: yes, there's another hole in BIND"
• Previous message: George Boyce: "Re: coredumps on setuid programs."
• In reply to: Darren Reed: "Re: Is starting a user program on priv port via inetd dangerous ?"
• Next in thread: matthew green: "Re: Is starting a user program on priv port via inetd dangerous ?"

>
>Your average BSD rlogind will check the port the connection comes from, so
>I assume they all do when they come from your trusty vendor, to make sure
>it is within the range 512 to 1024, or more precisely, the upper half of
>whatever it believes is the range for priviledged ports to be (there's a
>kernel variable on Solaris2 for this...I'm curious about what happens when
>this becomes 0 :-)
>
>So straight away, this puts 194 out of the market.
>
>What if it were 594 ?
>

And then there's the case of tcp/ip implementations that come with no
such meaning. i.e I can bind any port I want on those. IBM's tcp/ip
for VM does this, most pc's do this, etc. The problem with VM's is
that unlike the pc generally, it comes with a complete bsdish 
networking library. So, it's relatively easy to spoof sockets from
these then. i.e don't put mainframe's in your .rhosts :-) (I have
seen people do this).

James

• Next message: Joe Hentzel: "Re: yes, there's another hole in BIND"
• Previous message: George Boyce: "Re: coredumps on setuid programs."
• In reply to: Darren Reed: "Re: Is starting a user program on priv port via inetd dangerous ?"
• Next in thread: matthew green: "Re: Is starting a user program on priv port via inetd dangerous ?"