Re: sockfs - a filesystem for reserved port permissions

H. Peter Anvin (hpa@transmeta.com)
18 Sep 1997 21:25:03 GMT


Followup to: <Pine.GSO.3.96.970918113615.11139K-100000@buffy>
By author: Taner Halicioglu <taner@isi.net>
In newsgroup: linux.dev.kernel
>
> Well, an interesting example of 'random ports' that get bound to a port #
> below 1024, is ssh. ssh starts at 1023, and works DOWN... rather
> interesting, if you ask me.
>
> I was rather perplexed as to why, but I can only guess it's to avoid any
> possibilities of another non-root program trying to bind at the same time?
>

ssh does this if (and only if) it runs setuid root. The reason is
that if the other side allows .rhosts (rsh-style) authentication, it
has to know that it is indeed talking to a bona fide ssh on the other
side, and not a user-spoof process.

If you don't install ssh .rhosts authentication will fail even if
enabled at the target site, but ssh will behave like any other TCP
process.

rsh does the same thing, and there you don't even have any
alternatives.

-hpa

-- 
    PGP: 2047/2A960705 BA 03 D3 2C 14 A8 A8 BD  1E DF FE 69 EE 35 BD 74
    See http://www.zytor.com/~hpa/ for web page and full PGP public key
Always looking for a few good BOsFH.  **  Linux - the OS of global cooperation
        I am Baha'i -- ask me about it or see http://www.bahai.org/
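
The downward scan from port 1023 discussed in this thread, together with the matching check on the accepting side, as an added C example that is not part of the original post and is not ssh or rsh source code. The function names are hypothetical, and the lower bound of 512 is an assumption taken from the BSD rresvport() convention rather than from the post.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define RESERVED_TOP    1023  /* highest port below 1024 */
#define RESERVED_BOTTOM 512   /* assumed lower bound (BSD rresvport convention) */

/* Client side: try 1023, 1022, ... until bind() succeeds.
 * Returns a bound TCP socket and stores the port in *port_out, or -1.
 * Without privilege the first bind() fails with EACCES and the scan stops. */
int bind_reserved_port(int *port_out)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;

    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_ANY);

    for (int port = RESERVED_TOP; port >= RESERVED_BOTTOM; port--) {
        sin.sin_port = htons((unsigned short)port);
        if (bind(fd, (struct sockaddr *)&sin, sizeof sin) == 0) {
            *port_out = port;
            return fd;
        }
        if (errno != EADDRINUSE)  /* EACCES etc.: not privileged, give up */
            break;
    }
    int saved = errno;            /* keep bind()'s errno across close() */
    close(fd);
    errno = saved;
    return -1;
}

/* Server side: the test an rsh-style daemon applies to the peer address
 * from accept()/getpeername() before it honours .rhosts. */
int peer_port_is_reserved(const struct sockaddr_in *peer)
{
    unsigned port = ntohs(peer->sin_port);
    return port >= RESERVED_BOTTOM && port <= RESERVED_TOP;
}
```

The server-side check only shows that the peer process could bind a reserved port on its own host; it says nothing about whether that host or the network path is trustworthy.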