You're wrong. There is no such requirement in UNIX for "the most dangerous stuff to be handled at the highest priv level". No requirement at all.
A smart sys-admin 1) doesn't run any service on any port, privileged or not, unless it's absolutely needed. Yes, lots of services are configured by default, but most of them are a) very simple services that can do little or no damage if compromised and b) so old that most potential exploits in them were plugged long ago on any recent version. A smart admin will disable all those services anyway. 2) when a service is necessary, takes all necessary steps to limit the damage that can be done, including only using applications that change uid to a less-privileged user to handle requests (like Apache).

Please remember that an assumption is made that anyone who has root on a machine and is offering services to the public is savvy enough to understand the issues involved in running public services on ports less than 1024. In my opinion, that's a reasonable assumption to make. Unlike Apple (no flame war intended), making the operating system "idiot proof" is not a primary design goal for UNIX or Linux, nor should it be. If you have root, and you're using a service application that misbehaves, 30% of the blame is on the person who wrote the application, and 70% of the blame is on you for blindly using it in the first place.

Please also realize that the primary services available on the Internet are, by design, available on privileged ports. This is also reasonable. The rationale being that not just anyone should be able to offer services to the public. Imagine the damage if Joe User could write a malicious version of BIND and bind it to port 52 on a server responsible for critical DNS information. To demand that the privileged port restriction be removed in the interests of convenience, and claiming that the restriction is "dumb" is, in my opinion, unreasonable, ignorant, irresponsible, and in hacker-speak, "lame".
John

> -----Original Message-----
> From: Joe Tomcat [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 06, 2002 6:13 PM
> To: Tomcat Users List
> Subject: RE: Why run tomcat as root
>
> On Thu, 2002-12-05 at 20:33, Noel J. Bergman wrote:
> > Access to ports < 1024 and minimizing root services is a well-understood
> > issue for anyone who ought to be using a *nix system, having nothing to do
> > with any specific server application.
>
> Restrictions on ports < 1024 and minimizing services running as root are
> contradictory aspects of the Unix "security model". The right thing to
> do is for Linux to get rid of this dumb "security" feature, or at least
> have an option to turn it off, so that a non-root process can bind
> directly to port 80. The most dangerous data (stuff straight off the
> net) should be handled at the lowest possible priv level. Right now,
> Unix requires the most dangerous stuff to be handled at the highest
> (most dangerous) priv level. Not smart. But there is nothing the
> Tomcat crew can do about this mis-design.
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
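The "bind the privileged port as root, then change uid to a less-privileged user before handling requests" pattern John points to (the Apache model), written out as an added C example; this is not code from the thread, from Apache or from Tomcat. Port 80 and uid/gid 65534 (nobody on many systems) are assumptions; run it as root to watch it bind a privileged port and drop root, or set the port to 0 to try it unprivileged.

```c
/* Added example (not from the thread): bind a privileged port while still
 * root, then permanently drop to an unprivileged uid/gid before serving. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Create a listening TCP socket on `port` (port 0 lets the kernel pick an
 * ephemeral one, which needs no privilege). Returns the fd or -1. */
int bind_listen_socket(unsigned short port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa = {0};
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;            /* the bound socket survives the privilege drop */
}

/* Drop root for good: supplementary groups first, then gid, then uid.
 * Order matters: once the uid is non-zero, setgroups/setgid are refused. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) < 0) return -1;
    if (setgid(gid) < 0) return -1;
    if (setuid(uid) < 0) return -1;
    return 0;
}

/* Check the drop is irreversible: no uid is 0 and becoming root again fails. */
int cannot_regain_root(void) {
    return getuid() != 0 && geteuid() != 0 && setuid(0) == -1;
}

int main(void) {
    int fd = bind_listen_socket(80);   /* port 80 needs root: an assumption */
    if (fd < 0) { perror("bind port 80"); return 1; }
    /* 65534 is nobody on many systems; an assumption, pick your service uid */
    if (drop_privileges(65534, 65534) < 0) { perror("drop_privileges"); return 1; }
    if (!cannot_regain_root()) { fprintf(stderr, "still root, refusing to serve\n"); return 1; }
    printf("listening on port 80 as uid %u; root dropped\n", (unsigned)getuid());
    close(fd); return 0;
}
```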
