The idea of requiring a privilege to access certain ports can have utility.
The idea of requiring root in a monolithic two-level system like Unix is a very bad one indeed. HTTP and SMTP servers should not run as root. Forcing them to is bad o/s design.
-----Original Message-----
From: Andy Bierman [mailto:ietf@xxxxxxxxxxxxxxx]
Sent: Mon Mar 20 05:57:34 2006
To: Stephane Bortzmeyer
Cc: Ned Freed; ietf@xxxxxxxx
Subject: Re: Guidance needed on well known ports
Stephane Bortzmeyer wrote:
> On Sun, Mar 19, 2006 at 12:42:17PM -0800,
> Ned Freed <ned.freed@xxxxxxxxxxx> wrote
> a message of 35 lines which said:
>
>
>> The privileged port concept has some marginal utility on multiuser
>> systems where you don't want Joe-random-user to grab some port for a well
>> known service.
>>
>
> "had", not "has". The concept was invented at a time where multi-user
> machines were rare and expensive monsters. So, a request coming from
> source port 513 probably was "serious". Today, any high school student
> is root on his PC and therefore this protection is almost useless.
>
But does that student have access to the root account on servers which
are part of the networking infrastructure? Who cares if Joe User
blows up his own config. on a PC that nobody else depends on but Joe?
I find the argument flawed -- that because Joe User can be root on his
own PC, the concept of privileged access to shared system-critical
infrastructure is somehow obsolete.
Andy
>
>
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www1.ietf.org/mailman/listinfo/ietf
>
>
>