Re: Guidance needed on well known ports

Peter Dambier <peter@peter-dambier.de> Mon, 20 March 2006 20:14 UTC

Message-ID: <441F0D13.2050200@peter-dambier.de>
Date: Mon, 20 Mar 2006 21:14:11 +0100
From: Peter Dambier <peter@peter-dambier.de>
Organization: Peter and Karin Dambier
CC: ietf@ietf.org
References: <198A730C2044DE4A96749D13E167AD375A2C23@MOU1WNEXMB04.vcorp.ad.vrsn.com>
In-Reply-To: <198A730C2044DE4A96749D13E167AD375A2C23@MOU1WNEXMB04.vcorp.ad.vrsn.com>
Subject: Re: Guidance needed on well known ports
Reply-To: peter@peter-dambier.de
List-Id: IETF-Discussion <ietf.ietf.org>

Hallam-Baker, Phillip wrote:
> The idea of requiring a privilege to access certain ports can have utility.
> 
> The idea of requiring root in a monolithic two level system like unix is 
> a very bad one indeed. Http and smtp servers should not run as root. 
> Forcing them to is bad o/s design.

Bind is chrooted into directory /usr/lib/named and runs as user named.
Apache is chrooted into /usr/lib/www and runs as user wwwrun.
Exim is chrooted into /usr/lib/exim and runs as user exim.
...

There are even system calls in all flavours of unix for doing this.
There is (almost) no need to run anything as root.

Bernstein has ideas too on how not to run things as root ...
Works under all flavours of unix, including Mac OS X. I guesstimate
that works for some 70% of all servers.

-- 
Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter@peter-dambier.de
mail: peter@echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/


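The chroot-plus-service-account pattern the mail describes (jail the daemon in a directory, then run it as a dedicated unprivileged user), written out as an added C example. This is not code from the mail or from BIND, Apache or Exim; the jail path /usr/lib/www and the account name wwwrun are borrowed from the mail as illustrative values, and the function names are my own. The point it makes beyond the mail is the order of the calls and the check afterwards: chroot() and chdir("/") while still root, supplementary groups and gid before uid (after setuid() the rest can no longer be changed), and a verification that root cannot be regained.

```c
/* Added example (not from the mail): jail a daemon and drop to an
 * unprivileged account in the order that actually works. */
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Refuse a "drop" that would leave the daemon as root or in root's group.
 * Returns 0 if the target ids are acceptable, -1 otherwise. */
int validate_target(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;
    return 0;
}

/* Check that real and effective uid/gid are the unprivileged ones and
 * that root cannot be regained. Returns 0 on success, -1 otherwise. */
int verify_unprivileged(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* A correctly dropped process must not be able to become root again. */
    if (setuid(0) == 0)
        return -1;
    return 0;
}

/* Jail the process in `jail` and switch to uid/gid.
 * chroot() needs root, so it comes first; chdir("/") moves the working
 * directory inside the jail; supplementary groups are cleared before the
 * primary gid is set, and the gid before the uid, because once setuid()
 * has run the others can no longer be changed.
 * Returns 0 on success, -1 with errno set on failure. */
int jail_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (validate_target(uid, gid) != 0) {
        errno = EINVAL;
        return -1;
    }
    if (chroot(jail) != 0)
        return -1;
    if (chdir("/") != 0)
        return -1;
    if (setgroups(0, NULL) != 0)   /* drop supplementary groups */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    if (verify_unprivileged(uid, gid) != 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Demo: look up the assumed service account and jail directory, then drop.
 * Must be started as root for chroot() and setuid() to succeed. */
int main(void)
{
    const char *jail = "/usr/lib/www";   /* assumed jail directory */
    const char *user = "wwwrun";         /* assumed service account */
    struct passwd *pw = getpwnam(user);

    if (pw == NULL) {
        fprintf(stderr, "no such user: %s\n", user);
        return 1;
    }
    if (jail_and_drop(jail, pw->pw_uid, pw->pw_gid) != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;
    }
    printf("running as uid=%u gid=%u inside %s\n",
           (unsigned)getuid(), (unsigned)getgid(), jail);
    return 0;
}
```

The demo only succeeds when started as root with the jail directory and account present; the two helper functions can be exercised without root, which is how a unit test would pin down the refusal of uid 0 and the "cannot regain root" check.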