IETF Logo Mail Archive

Re: Guidance needed on well known ports

Ned Freed <ned.freed@mrochek.com> Mon, 20 March 2006 20:48 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FLRIK-0008Uo-GR; Mon, 20 Mar 2006 15:48:04 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FLRII-0008Sl-UB for ietf@ietf.org; Mon, 20 Mar 2006 15:48:02 -0500
Received: from [206.117.180.234] (helo=mauve.mrochek.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FLRIH-0002Pp-K3 for ietf@ietf.org; Mon, 20 Mar 2006 15:48:02 -0500
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01M09PWBBUYO000078@mauve.mrochek.com> for ietf@ietf.org; Mon, 20 Mar 2006 12:47:59 -0800 (PST)
To: Keith Moore <moore@cs.utk.edu>
Message-id: <01M0A187K23C000078@mauve.mrochek.com>
Date: Mon, 20 Mar 2006 12:42:51 -0800
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Mon, 20 Mar 2006 12:00:40 -0500" <20060320120040.2b5318e9.moore@cs.utk.edu>
MIME-version: 1.0
Content-type: TEXT/PLAIN
References: <441C457D.5080900@cisco.com> <1142722547.1812.20.camel@mattugur.ifi.uio.no> <01M08N0RCFTS000078@mauve.mrochek.com> <20060320110923.GD31741@nic.fr> <441EB4BD.6000307@andybierman.com> <01M09QSI3LJ6000078@mauve.mrochek.com> <441ED375.50202@alvestrand.no> <20060320120040.2b5318e9.moore@cs.utk.edu>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 52e1467c2184c31006318542db5614d5
Cc: Harald Alvestrand <harald@alvestrand.no>, ned.freed@mrochek.com, ietf@ietf.org
Subject: Re: Guidance needed on well known ports
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Errors-To: ietf-bounces@ietf.org

> > - Conclusion 2: There is no reason for standards to uphold the
> > distinction between <1024 and >1024 any more.

> I agree that the requirement on UNIX-like systems to be root in order
> to bind to ports < 1024 is, in hindsight, a Bad Idea - but mostly
> because of insufficient privilege granularity.

If by "insufficient privilege granularity" you mean root confers other access,
I agree. But while not critical, it would also be useful to have finer
granularity in terms of who gets access to what ports.

>  I also think that
> trusting a source port as an indication of anything is a Bad Idea.

You bet.

> However, I do think that it's useful for there to be a range of port
> numbers that are only bound to a socket if an application specifically
> asks for one of those ports, as this would reduce the potential for
> accidental conflicts between servers needing to listen to a well-known
> port and servers for which any port would do.   And it would be
> appropriate for standards to respect this convention and assign
> well-known ports in the range of ports that would not be bound by
> default.

This also sounds reasonable.

> I also think that it would be reasonable for an OS to require
> privileges before it would allow an application to bind to certain
> ports.  But those ports would need to be explicitly enumerated
> somewhere, rather than merely being a range of numbers.

Yes, it clearly needs to be fully configurable. Perhaps some of the existing
internal firewall configuration mechanisms could be reused here...

				Ned

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email