[PLUG] Socket Question

Don Buchholz don at truedisk.com
Fri Sep 20 01:18:02 UTC 2002


Jason Dagit wrote:
>
> I was just curious if anyone knows why tcp/ip sockets below 1024 need
> root permission, but sockets above 1024 do not?
>

In "The Good Old Days"(r), you didn't connect a system to the network
unless you had a lot of resources ($$$).  It was a gentlemen's agreement
to limit TCP ports <1024 to 'system-only' privileges.  After all, the
system wouldn't be in existence if there wasn't a professional staff to
support it.

Therefore, if I contacted a system at port 79 (finger), I could be fairly
certain that I was getting an answer from a system admin program.  If the
admin wasn't running fingerd, then a random user could hang a daemon on
that port and send any old bogus answer.  This gets even more interesting
when you peruse the low-numbered port names ... ftp, ssh, telnet, smtp,
time, nameserver, tacacs, domain, bootps & bootpc, tftp, finger, ntp,
auth, sunrpc, ....

 > Is this some sort of attempt to prevent users from preempting programs
 > Like sshd from using it's usuall port?
Yes ... or worse, spoofing the daemon.

I think, that at some level, even, there was a facility which could be
used to propogate authentication from one system to another.  Basically,
if a program on Host A connected to Host B from a low numbered port, and
Host A's protocal said "this is user 'X'", then Host B would accept that.

... then personal computers got cheap to network, and easy to connect, and
no one could ever trust a low-numbered port again ...







More information about the PLUG mailing list