On Thu, 15 Sep 2005, Tracy R Reed wrote: > Andrew Lentvorski wrote: > > Besides, if you really want to help improve security, we need to get off > > of privileged ports like 80, anyhow. > > I've always wondered: Why IS 80 a privileged port? Back in the day it > meant that if a connection were coming from a port below 1024 you could > trust that the connection was coming from someone with admin rights on > the machine and not just any user. But those days are long gone. Why > does Linux even require root to bind to something under 1024 anymore?
I think the idea now is to show that whatever service is bound to that port was in fact started by the administrator. To the extent that you trust root on the remote machine more than you trust any ordinary users there this may offer you some assurance that services running below 1024 won't sniff your paswords, steal your credit card numbers, etc. This is probably anachronistic what with all the priviledge escalation bugs floating around but that's the rationale. -Deke -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
