[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OT: Re: Login security

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: OT: Re: Login security
From: Jeff Bachtel <sebastion_(_at_)_irelandmail_(_dot_)_com>
Date: Thu, 14 Sep 2000 21:33:25 -0500

All connections to tcp/udp ports under 1024 are restricted to
root-owned processes. All normal login methods (rsh, ssh, telnet, ftp,
pop3) go to ports <1024. Therefore, pretty much by definition you
connect to a root-owned process. If root is running a user database,
it isn't rogue :)

Nothing keeps a process from running a service on a non-reserved port,
along with user databases and whatnot, but all actions taken by such a
process would be done under the user login id that ran the initial
daemon process.

other devices (ie, consoles) are owned by root, and only root-owned
getty processes can communicate with them..

jeff

On Thu, Sep 14, 2000 at 09:42:44PM -0400, darkmodem.net wrote:
> 
> Might as well dive right in...
> 
> What keeps a machine from allowing rogue logins (complete with rogue user databses)?
> 
> If I knew the answer I wouldn't have asked. Thanks ahead of time.
> 
>

References:
- Login security
  - From: darkmodem.net

Prev by Date: Re: efnet #openbsd
Next by Date: Re: efnet #openbsd
Previous by thread: Login security
Next by thread: Man problem
Index(es):
- Date
- Thread

Visit your host, monkey.org