Re: Request for discussion.

Karl Strickland (karl@bagpuss.demon.co.uk)
Tue, 7 Feb 1995 02:46:44 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Karl Strickland: "Re: Request for discussion."
Previous message: Timothy Newsham: "Re: Request for discussion."
In reply to: Timothy Newsham: "Re: Request for discussion."
Next in thread: Timothy Newsham: "Re: Request for discussion."

> > > - run network daemons with lower priveledges.
> > > discussion:  Why are so many net daemons run as root?
> > 
> > I speculate because they want to bind to privileged ports.
> > [Yes, I know that's not a good reason.]
> 
> Telnetd runs as root.  I haven't gone in and looked at it yet
> but some things it doesnt need root for are:
> 
>    (1) Binding to port 23 - inetd does that.

True

>    (2) Setting the users id - login does that.

By the same token, many people dont run /bin/login suid root.  So in this
instance, you're just swapping one privileged program for another?  Is
login better to have running as root than telnetd?  I can think of more
published holes in login.

Also what about changing ownership/permissions of your pty (on BSD based
pty systems) on login/logout, and writing wtmp records on logout?

------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl@bagpuss.demon.co.uk
                                          |

Next message: Karl Strickland: "Re: Request for discussion."
Previous message: Timothy Newsham: "Re: Request for discussion."
In reply to: Timothy Newsham: "Re: Request for discussion."
Next in thread: Timothy Newsham: "Re: Request for discussion."