Re: Disabling X and KDM from listening on a port.
From: Dragos Ruiu (dr@kyx.net)
Date: 08/16/01
From: Dragos Ruiu <dr@kyx.net>
To: "Avery Payne" <apayne@pcfruit.com>, "Focus on Linux Mailing List" <FOCUS-LINUX@SECURITYFOCUS.COM>
Subject: Re: Disabling X and KDM from listening on a port.
Date: Wed, 15 Aug 2001 17:25:29 -0700
Message-Id: <01081517295603.33176@smp.kyx.net>

On Wed, 15 Aug 2001, Avery Payne wrote:
>
> KDM opening a connection on 1024 is a different issue. Why the fsck are we
> binding root-priv programs to ports above 1024 to begin with? Can anyone
> explain the design goal of this?
>
> And XDM running on 177 is *entirely* a different issue. Frankly, opening
> ports below 1024 makes me nervous, period. (because they are by nature
> privileged, and only a few services are smart enough to drop their privs to
> something less than "root"). The last line of this email is quite
> effective, when placed *last* in a chain set. I call it "the bit sump",
> because all of the lowest-common denomination probes/attacks are snared by
> it:

AFAIK KDM and XDM predate the common adoption of the <1024 "privileged"
port convention (XDM for sure...). So it's not too fair to pick on it too hard,
and probably well too late to change this without undue legacy app breakage...
imho.
cheers,
--dr