[PLUG] Socket Question
Don Buchholz
don at truedisk.com
Fri Sep 20 01:18:02 UTC 2002
Jason Dagit wrote:
>
> I was just curious if anyone knows why tcp/ip sockets below 1024 need
> root permission, but sockets above 1024 do not?
>
In "The Good Old Days"(r), you didn't connect a system to the network
unless you had a lot of resources ($$$). It was a gentlemen's agreement
to limit TCP ports <1024 to 'system-only' privileges. After all, the
system wouldn't be in existence if there wasn't a professional staff to
support it.
Therefore, if I contacted a system at port 79 (finger), I could be fairly
certain that I was getting an answer from a system admin program. If the
admin wasn't running fingerd, then a random user could hang a daemon on
that port and send any old bogus answer. This gets even more interesting
when you peruse the low-numbered port names ... ftp, ssh, telnet, smtp,
time, nameserver, tacacs, domain, bootps & bootpc, tftp, finger, ntp,
auth, sunrpc, ....
> Is this some sort of attempt to prevent users from preempting programs
> like sshd from using its usual port?
Yes ... or worse, spoofing the daemon.
I think, that at some level, even, there was a facility which could be
used to propagate authentication from one system to another. Basically,
if a program on Host A connected to Host B from a low numbered port, and
Host A's protocol said "this is user 'X'", then Host B would accept that.
... then personal computers got cheap to network, and easy to connect, and
no one could ever trust a low-numbered port again ...
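To make both points concrete (the bind restriction, and the old "trust a low source port" check that rsh-style services relied on), here is a small added example of my own; it is not code from the thread. It binds a listener to a caller-chosen port and reports why the bind failed, and shows the reserved-source-port heuristic as a plain function so you can see how little it actually proves.

```python
import errno
import socket
from typing import Tuple

RESERVED_PORT_MAX = 1023  # 0..1023: root (or CAP_NET_BIND_SERVICE on Linux) needed to bind


def is_reserved_port(port: int) -> bool:
    """True for the historic 'system-only' range the thread is talking about."""
    return 0 <= port <= RESERVED_PORT_MAX


def try_bind(port: int, host: str = "127.0.0.1") -> Tuple[str, int]:
    """Try to bind a TCP listener. Returns (status, bound_port).

    status is 'bound', 'denied' (EACCES/EPERM: unprivileged process on a
    reserved port), 'in_use' (EADDRINUSE) or 'error'. port 0 asks the kernel
    for a free high port, which any user may take."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((host, port))
        return "bound", s.getsockname()[1]
    except OSError as e:
        if e.errno in (errno.EACCES, errno.EPERM):
            return "denied", 0
        if e.errno == errno.EADDRINUSE:
            return "in_use", 0
        return "error", 0
    finally:
        s.close()


def peer_looks_system_originated(peer: Tuple[str, int]) -> bool:
    """The rshd-era heuristic: a connection whose *source* port is reserved was
    assumed to come from a root-run program on the peer host, so the peer's
    claimed username was believed. It only holds if every host on the network
    enforces the reserved range, which is exactly what stopped being true."""
    _addr, src_port = peer
    return is_reserved_port(src_port)


if __name__ == "__main__":
    # Constructed demo values, not a real connection.
    print("port 79 as this user:", try_bind(79))
    print("ephemeral port:", try_bind(0))
    print("peer from port 1022 trusted?", peer_looks_system_originated(("10.0.0.5", 1022)))
    print("peer from port 40000 trusted?", peer_looks_system_originated(("10.0.0.5", 40000)))
```

Run it as a normal user and you get 'denied' for port 79 and 'bound' for the ephemeral port; run it as root and port 79 binds too, which is the whole distinction the original question asks about.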