RE: allowing ordinary users to open privileged ports

From: Alan W. Rateliff, II (lists_at_rateliff.net)
Date: 09/04/04

  • Next message: Casper Dik: "Re: allowing ordinary users to open privileged ports"
    To: <rrepasa@ekonek.com>, <focus-sun@securityfocus.com>
    Date: Sat, 4 Sep 2004 10:07:25 -0400
    
    

    > -----Original Message-----
    > From: randy calma repasa [mailto:rrepasa@ekonek.com]
    > Sent: Thursday, September 02, 2004 10:41 AM
    > To: focus-sun@securityfocus.com
    > Subject: allowing ordinary users to open privileged ports
    >
    > Hello all,
    >
    > Has anyone in the list successfully tried allowing ordinary
    > users to open privileged (< 1024) ports? We have a Solaris 8 on SPARC
    > machine running a (Java) application that normally uses ports > 1024;
    > however a client requested the application to use privileged ports
    > instead.

    Check this out:

    http://www.sean.de/Solaris/soltune.html

    Look at the /dev/tcp option "tcp_smallest_nonpriv_port". There's a lot of
    tweaking you can do with privileged ports, just BE VERY CAREFUL. If you
    were to make any of the well-known services (http, smtp, etc.)
    non-privileged, you run the risk of becoming a security problem to yourself
    and the rest of the Internet. (Well, allowing users to set up listeners
    PERIOD could be construed as a security risk, but all of this has been and
    could be a topic for debate.)

    Also have a look at the Solaris Tunable Parameters Reference guides which
    are linked in the introduction. All very good references to have handy.

    -- 
           Alan W. Rateliff, II        :       RATELIFF.NET
     Independent Technology Consultant :    alan2@rateliff.net
          (Office) 850/350-0260        :  (Mobile) 850/559-0100
    -------------------------------------------------------------
    [System Administration][IT Consulting][Computer Sales/Repair]
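
The risk described in the message above, as an added example that is not part of the original post: a shell check that lists which well-known TCP services an unprivileged process could bind for a given `tcp_smallest_nonpriv_port` value. The function names and the service list are constructed for illustration; treating ports listed in the Solaris `tcp_extra_priv_ports` tunable (not mentioned in the post) as still privileged is an assumption about how the two settings combine.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed excerpt in /etc/services format (sample data).
SAMPLE_SERVICES='ftp 21/tcp
ssh 22/tcp
smtp 25/tcp
http 80/tcp
pop3 110/tcp
https 443/tcp
nfsd 2049/tcp'

# exposed_services THRESHOLD [EXTRA_PRIV_PORT...]
# Prints "name port" for every TCP service below 1024 that is no longer
# protected once tcp_smallest_nonpriv_port is set to THRESHOLD.
# Ports passed as EXTRA_PRIV_PORT are assumed to stay privileged
# (modelled on tcp_extra_priv_ports; this interaction is an assumption).
exposed_services() {
    threshold=$1; shift
    printf '%s\n' "$SAMPLE_SERVICES" | awk -v t="$threshold" -v extra=" $* " '
        { split($2, p, "/") }
        p[2] == "tcp" && p[1] + 0 < 1024 && p[1] + 0 >= t + 0 &&
            index(extra, " " p[1] " ") == 0 { print $1, p[1] }'
}

# current_threshold: read the live value with ndd where it exists (Solaris);
# otherwise fall back to the default of 1024.
current_threshold() {
    if command -v ndd >/dev/null 2>&1; then
        ndd /dev/tcp tcp_smallest_nonpriv_port 2>/dev/null || echo 1024
    else
        echo 1024
    fi
}

# Report for the running system: empty output means no well-known
# service port has been opened up to ordinary users.
exposed_services "$(current_threshold)"
```
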
     
    
