Re: Guidance needed on well known ports

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> > - Conclusion 2: There is no reason for standards to uphold the
> > distinction between <1024 and >1024 any more.

> I agree that the requirement on UNIX-like systems to be root in order
> to bind to ports < 1024 is, in hindsight, a Bad Idea - but mostly
> because of insufficient privilege granularity.

If by "insufficient privilege granularity" you mean root confers other access,
I agree. But while not critical, it would also be useful to have finer
granularity in terms of who gets access to what ports.

>  I also think that
> trusting a source port as an indication of anything is a Bad Idea.

You bet.

> However, I do think that it's useful for there to be a range of port
> numbers that are only bound to a socket if an application specifically
> asks for one of those ports, as this would reduce the potential for
> accidental conflicts between servers needing to listen to a well-known
> port and servers for which any port would do.   And it would be
> appropriate for standards to respect this convention and assign
> well-known ports in the range of ports that would not be bound by
> default.

This also sounds reasonable.

> I also think that it would be reasonable for an OS to require
> privileges before it would allow an application to bind to certain
> ports.  But those ports would need to be explicitly enumerated
> somewhere, rather than merely being a range of numbers.

Yes, it clearly needs to be fully configurable. Perhaps some of the existing
internal firewall configuration mechanisms could be reused here...

				Ned

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]