>
> Interesting argument. However, consider this: if you completely trust your
> 'firewalled' box, then why not run the web server as root? One response,
Protection of the system from simple mistakes by trusted users? Also
root can do a lot more, such as putting interfaces into promiscuous
mode. So the idea is to just lift the bind-to-low-ports check.
> in your case is the fact that you mention your trust in users (humans are
> the easiest to compromise, however that argument is a bit OT). However,
> do you trust all of your webserver code? Do you trust your cgi-bin
> scripts and applications? And by trust I not only mean harmful intent by
> the authors of software, but unintentional bugs which can be exploited,
> and will be given the privilege to bind to <1024 ports even when they run
> as a user with least privileges.
>
My revised thinking is that the patch should only lift the restriction
for just the necessary ports.
Another idea is to do it with groups, say let group n be a "net-privileged" group.
-- cary
> Just my opinion.
>
> nitesh.
>
>
> On Sun, 30 Jul 2000, Cary O'Brien wrote:
>
> > > Cary O'Brien wrote:
> > >
> > > > Well...
> > > >
> > > > If you are running on Linux you could simply edit the kernel code to
> > > > eliminate the check on being root to bind to low ports. That's what
> > > > we did.
> > >
> > > Which is an even worse idea.
> > >
> >
> > Why? On a sufficiently firewalled off box, where the few logins are
> > completely trusted, what's the diff? If you were worried about people
> > cracking a user account and getting underneath telnet, then limit the
> > lifting of the restriction to port 80. If you are concerned that
> > non-root users could launch attacks from low ports at other machines,
> > assuming that only good guys can come from low ports is pretty naive.
> >
> > The whole business about not letting anyone but root bind to low ports
> > makes sense for a public access machine where all the first year
> > engineering students have an account, but for a dedicated application
> > server it is kind of misdirected. You ought to be running next to
> > nothing but the application, and you had better trust everyone that
> > you give a login to, and you ought to have the thing locked
> > down/firewalled well. So the tiny bit of possible protection may not
> > be worth the hassle/risks of writing your own suid-wrapper, or the
> > complexity of having a redirect and messing with site-access so that
> > the port numbers in the zope -- what is that parameter -- base or
> > whatever, comes out right.
> >
> > Just for fun - does NT have the same restriction?
> >
> > -- cary
> >
> > _______________________________________________
> > Zope maillist - [EMAIL PROTECTED]
> > http://lists.zope.org/mailman/listinfo/zope
> > ** No cross posts or HTML encoding! **
> > (Related lists -
> > http://lists.zope.org/mailman/listinfo/zope-announce
> > http://lists.zope.org/mailman/listinfo/zope-dev )