> > > - run network daemons with lower privileges.
> > >   discussion: Why are so many net daemons run as root?
> >
> > I speculate because they want to bind to privileged ports.
> > [Yes, I know that's not a good reason.]
>
> Telnetd runs as root.  I haven't gone in and looked at it yet
> but some things it doesn't need root for are:
>
> (1) Binding to port 23 - inetd does that.

True

> (2) Setting the user's id - login does that.

By the same token, many people don't run /bin/login suid root.  So in
this instance, you're just swapping one privileged program for another?
Is login better to have running as root than telnetd?  I can think of
more published holes in login.

Also what about changing ownership/permissions of your pty (on BSD based
pty systems) on login/logout, and writing wtmp records on logout?

------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               | Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl@bagpuss.demon.co.uk