On Mon, 2004-01-05 at 20:12, Adam Thornton wrote:
> rsh, rcp, rlogin: I don't really know why they need to be setuid, but
> you don't want them on your system anyway. Use ssh instead. It can do
> everything those can, and it provides a secure transport to do it.

BSD unix people had this idea that they would make ports 512-1023 only usable by root. That allows the other end to prove trust by checking the port number. rsh etc are setuid as they use this facility.

Nowadays of course that sounds comical but at the time random people didn't own computers let alone plug them into university networks and sniff traffic. Rsh/rcp/rlogin/etc are basically "compatibility toys", ssh replaces the lot and uses real crypto to do its work instead.

> Sendmail: needs root privileges to bind to port 25; if you run it as
> mail rather than root, then it can do the bind and give up the root
> privileges quickly rather than having to *stay* root, which is even more
> dangerous. My suggestion is that you don't want to run Sendmail either:
> it is big and hairy and has a history of security exposures. My
> favorite MTA is Exim; qmail and postfix are the other popular choices.
> However, these are still going to run as root or be setuid root, so that
> they can bind port 25.

And also so they can deliver mail to users' mailboxes, and keep their spool areas private, although those bits run as mail users not root generally.
