OT: Re: Login security
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: OT: Re: Login security
- From: Jeff Bachtel <sebastion_(_at_)_irelandmail_(_dot_)_com>
- Date: Thu, 14 Sep 2000 21:33:25 -0500
All connections to tcp/udp ports under 1024 are restricted to
root-owned processes. All normal login methods (rsh, ssh, telnet, ftp,
pop3) go to ports <1024. Therefore, pretty much by definition you
connect to a root-owned process. If root is running a user database,
it isn't rogue :)
Nothing keeps a process from running a service on a non-reserved port,
along with user databases and whatnot, but all actions taken by such a
process would be done under the user login id that ran the initial
other devices (i.e., consoles) are owned by root, and only root-owned
getty processes can communicate with them.
On Thu, Sep 14, 2000 at 09:42:44PM -0400, darkmodem.net wrote:
> Might as well dive right in...
> What keeps a machine from allowing rogue logins (complete with rogue user databases)?
> If I knew the answer I wouldn't have asked. Thanks ahead of time.