On Sat, 2006-03-18 at 09:38 -0800, Eliot Lear wrote:
This therefore leads to two questions for the community:
1. Are well known ports archaic? If so, can we request that the IANA
do away with the distinction?
2. If they are not archaic, under what circumstances should they be
allocated?
new protocols can not rely on the security the priveleged ports provide,
but there are still many such protocols in use (e.g. LPD, port 515), and
so the distinction is useful for administrators configuring userspace'
access to ports on workstations.
The problem is this cuts both way. The privileged port concept has some
marginal utility on multiuser systems where you don't Joe-random-user to grab
some port for a well known service. OTOH, this forces servers running on those
ports to have privileges (usually in the form of running as root) for some
period of time. The need to operate with privileges complicates server design,
may impose difficult constraints on activities like configuration reloads, and
may lead to remote vulnerabilities. So, for a production server with no local
users, the privileged port restriction can do much more harm than good. And
finally, we have plenty of protocols that make just as much sense on multiuser
systems as they do on a production server with no local users. So it is
impossible to get this right.
The solution is to abandon the coarse grained root-access-to-low-ports security
model entirely in favor of some form of finer grained access control.
In the meantime, I'm with Harald: Flip a coin and be done with it.
Ned
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf