
OT: Re: Login security



All connections to tcp/udp ports under 1024 are restricted to
root-owned processes. All normal login methods (rsh, ssh, telnet, ftp,
pop3) go to ports <1024. Therefore, pretty much by definition you
connect to a root-owned process. If root is running a user database,
it isn't rogue :)

Nothing keeps a process from running a service on a non-reserved port,
along with user databases and whatnot, but all actions taken by such a
process would be done under the user login id that ran the initial
daemon process.

Other devices (i.e., consoles) are owned by root, and only root-owned
getty processes can communicate with them.

jeff

On Thu, Sep 14, 2000 at 09:42:44PM -0400, darkmodem.net wrote:
> 
> Might as well dive right in...
> 
> What keeps a machine from allowing rogue logins (complete with rogue user databases)?
> 
> If I knew the answer I wouldn't have asked. Thanks ahead of time.
> 
>
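
Added example, not part of the original thread: a small audit that checks listening TCP sockets against the reserved-port rule described in the reply above, flagging any listener below port 1024 that is not owned by uid 0 and listing user-owned services on higher ports. It assumes the Linux /proc/net/tcp layout; the sample rows are constructed, and the function names and labels are this example's own.

```python
"""Audit TCP listeners against the reserved-port rule (ports below 1024)."""

RESERVED_LIMIT = 1024   # ports below this are the "reserved" range
TCP_LISTEN = "0A"       # socket state code for LISTEN in /proc/net/tcp

# Constructed sample in Linux /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1 0 100 0 0 10 0
   1: 00000000:006E 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002 1 0 100 0 0 10 0
   2: 00000000:08AE 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11003 1 0 100 0 0 10 0
   3: 0100007F:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 11004 1 0 100 0 0 10 0
   4: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 11005 1 0 100 0 0 10 0
"""


def parse_listeners(text):
    """Return (port, uid) for every socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue                            # malformed row or not listening
        port = int(fields[1].rsplit(":", 1)[1], 16)   # local port is hex
        listeners.append((port, int(fields[7])))      # owning uid is decimal
    return listeners


def classify(port, uid):
    """Label a listener by port range and owning uid."""
    if port < RESERVED_LIMIT:
        return "expected" if uid == 0 else "violation"
    return "root-high-port" if uid == 0 else "user-service"


def audit(text):
    """Return sorted (port, uid, label) rows for review."""
    return sorted((p, u, classify(p, u)) for p, u in parse_listeners(text))


if __name__ == "__main__":
    import sys
    # With a path argument (e.g. /proc/net/tcp) audit that file, else the sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for port, uid, label in audit(data):
        print(f"port {port:5d}  uid {uid:5d}  {label}")
```

Rows labelled "user-service" are the non-reserved-port services the reply mentions, each running under the uid that started it; a "violation" row is a reserved port held by a non-root socket owner and is worth investigating.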