> Restrictions on ports < 1024 and minimizing services running as root are
> contradictory aspects of the Unix "security model".

You want to minimize the trusted code base, and you want to assure that
public services (< 1024) cannot be spoofed.  You might want the port owner
to make sure that the worker it is delivering to is valid, but you don't
want the port owner to do anything that could lead to a break-in, and you
don't want the more vulnerable worker to have unnecessary access rights.

> The right thing to do is for Linux to get rid of this dumb "security"
> feature, or at least have an option to turn it off, so that a non-root
> process can bind directly to port 80.

So any buffer overflow problem in a non-privileged application can open your
entire system like a can opener.  Lovely.

In any event, this is not a general Linux security mailing list, so I'll
drop the topic unless someone wants to discuss it privately.

Personally, one of my goals is to go the other way and stick Tomcat into a
chroot jail, so that it has access to nothing that I don't specifically
place into the environment.

        --- Noel
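The split the message describes, a privileged "port owner" that binds the low port and an unprivileged, jailed worker that handles traffic, is shown below as an added example. It is not code from the message or from Tomcat; the jail directory `/var/empty` and the uid/gid `65534` are assumed placeholders for illustration. The program binds while still root, then chroots, clears supplementary groups, drops gid and uid, and confirms the drop cannot be undone before any client data is read.

```c
/* Added example (not from the original message): bind a privileged port
 * while still root, then confine the worker with chroot and drop to an
 * unprivileged identity before touching any client data. The jail path and
 * WORKER uid/gid in main() are assumptions for illustration. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Ports below 1024 need root (or CAP_NET_BIND_SERVICE) to bind on Linux. */
int is_privileged_port(int port) { return port > 0 && port < 1024; }

/* Refuse identities that would leave the worker privileged. */
int validate_worker_identity(uid_t uid, gid_t gid) {
    return (uid == 0 || gid == 0) ? -1 : 0;
}

/* Open and bind the listening socket; this is the only step that needs root.
 * Returns the listening fd, or -1 with errno set. */
int bind_listener(int port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = htons((uint16_t)port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* chroot first (needs root), then permanently give up root. Order matters:
 * supplementary groups and gid before uid, because once the uid is non-zero
 * those calls would fail. Returns 0 on success, -1 with errno set otherwise. */
int drop_privileges(const char *jail_dir, uid_t uid, gid_t gid) {
    if (validate_worker_identity(uid, gid) < 0) { errno = EINVAL; return -1; }
    if (jail_dir) {
        /* chdir into the jail before chroot so the cwd is not left outside it. */
        if (chdir(jail_dir) < 0 || chroot(jail_dir) < 0 || chdir("/") < 0) return -1;
    }
    if (setgroups(0, NULL) < 0) return -1;
    if (setgid(gid) < 0 || setuid(uid) < 0) return -1;
    /* Verify the drop is irreversible: regaining root must fail. */
    if (setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(void) {
    const char *jail = "/var/empty";        /* assumed jail directory */
    uid_t uid = 65534; gid_t gid = 65534;   /* assumed unprivileged ids */
    int port = 80;
    int fd = bind_listener(port);
    if (fd < 0) { perror("bind"); return 1; }
    if (drop_privileges(jail, uid, gid) < 0) { perror("drop_privileges"); return 1; }
    printf("listening on %d as uid %u, rooted at %s\n", port, (unsigned)getuid(), jail);
    /* The accept loop would go here; the worker now has neither root nor any
     * view of the filesystem outside the jail. */
    close(fd);
    return 0;
}
```

Run as root (it needs root only for the bind and the chroot); after `drop_privileges` returns, a fault in the request-handling code yields an unprivileged process inside an empty directory rather than root on the host.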
