begin quoting John H. Robinson, IV as of Fri, Sep 16, 2005 at 08:42:47AM -0700: > Tracy R Reed wrote: > > Andrew Lentvorski wrote: > > > Besides, if you really want to help improve security, we need to get off > > > of privileged ports like 80, anyhow. > > > > I've always wondered: Why IS 80 a privileged port? Back in the day it > > meant that if a connection were coming from a port below 1024 you could > > trust that the connection was coming from someone with admin rights on > > the machine and not just any user. But those days are long gone. Why > > does Linux even require root to bind to something under 1024 anymore? > > Does anyone even use this authentication method anymore? > > And this was for connections coming *from* <1024, not going to.
...which you couldn't trust if it involved machine outside of your control or machines outside of the control of those you could trust. On a multi-user machine, it's useful to have the distinction between services offered by the system and services offered by J. Random User. The microcomputer-boom plus widespread networking has resulted in (more or less) one machine per user. Even where you have more than one user per machine, the number of users per machine typically is very small. (Universities and large corporations are presumably exceptions.) -Stewart "Change the environment, change the concerns." Stremler -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
