Re: Guidance needed on well known ports
Ned Freed <ned.freed@mrochek.com> Mon, 20 March 2006 19:21 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FLPwi-0004GH-8D; Mon, 20 Mar 2006 14:21:40 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FLPwg-0004GC-90 for ietf@ietf.org; Mon, 20 Mar 2006 14:21:38 -0500
Received: from [206.117.180.234] (helo=mauve.mrochek.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FLPwf-0007Ia-Un for ietf@ietf.org; Mon, 20 Mar 2006 14:21:38 -0500
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01M09PWBBUYO000078@mauve.mrochek.com> for ietf@ietf.org; Mon, 20 Mar 2006 11:21:34 -0800 (PST)
To: Harald Alvestrand <harald@alvestrand.no>
Message-id: <01M09Y81YIOC000078@mauve.mrochek.com>
Date: Mon, 20 Mar 2006 11:10:58 -0800
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Mon, 20 Mar 2006 10:08:21 -0600" <441ED375.50202@alvestrand.no>
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset="ISO-8859-1"; format="flowed"
References: <441C457D.5080900@cisco.com> <1142722547.1812.20.camel@mattugur.ifi.uio.no> <01M08N0RCFTS000078@mauve.mrochek.com> <20060320110923.GD31741@nic.fr> <441EB4BD.6000307@andybierman.com> <01M09QSI3LJ6000078@mauve.mrochek.com> <441ED375.50202@alvestrand.no>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 4d87d2aa806f79fed918a62e834505ca
Cc: Ned Freed <ned.freed@mrochek.com>, ietf@ietf.org
Subject: Re: Guidance needed on well known ports
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Errors-To: ietf-bounces@ietf.org
> Ned Freed wrote: > > > >> But does that student have access to the root account on servers which > >> are part of the networking infrastructure? Who cares if Joe User > >> blows up his own config. on a PC that nobody else depends on but Joe? > > > > But if nobody has local access to these servers, why is it is > > necessary or > > useful for servers to run with root access in order to bind to these > > ports? > I think the discussion has reinforced and crystallized my personal > feeling on the subject: > - Services will have to start up listening to specific ports. And in some cases they have to be able to reconfigure to listen on new ports without a full restart. This makes the "use root to start then drop it" approach problematic in some cases. > Whether > the port number is specified in an RFC, an SRV record or a config file > on a dozen other hosts is in fact irrelevant to the fact that they have > to start up knowing what port to listen to (unless they have write > access to SRV). Yep. > - The "root gets to open ports < 1024" mechanism is harmful; there are > ports < 1024 that need to be opened by non-root processes, and ports > > 1024 that need to be protected from "random programs". Agreed. > - Conclusion 1: Hosts that care about separation of privileges need to > be able to specify access rights on ports as part of their configuration > - with "can be handed out to processes asking for a port" being one > particular kind of access right. Yes, and there also needs to be flexibility as to what entities such access rights are given to. Neither a "this UID has these rights" or "this executable has these rights" are adequate in all cases, for example. > - Conclusion 2: There is no reason for standards to uphold the > distinction between <1024 and >1024 any more. Well, there may be some marginal cases left, but if there are they are certainly a minority taste now and their future fate seems certain. And we're definitely at the point where the <1024 approach carries more cost than benefit, so I agree that the time to drop the distinction in our processes is now. Ned _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- Guidance needed on well known ports Eliot Lear
- RE: Guidance needed on well known ports Christian Huitema
- Re: Guidance needed on well known ports Randy Presuhn
- Re: Guidance needed on well known ports Steven M. Bellovin
- RE: Guidance needed on well known ports Christian Huitema
- Re: Guidance needed on well known ports Steven M. Bellovin
- RE: Guidance needed on well known ports Joel M. Halpern
- RE: Guidance needed on well known ports Romascanu, Dan (Dan)
- RE: Guidance needed on well known ports Hallam-Baker, Phillip
- Re: Guidance needed on well known ports Kjetil Torgrim Homme
- RE: Guidance needed on well known ports Joel M. Halpern
- Re: Guidance needed on well known ports Peter Dambier
- Re: Guidance needed on well known ports Keith Moore
- Re: Guidance needed on well known ports Joe Touch
- RE: Guidance needed on well known ports Hallam-Baker, Phillip
- Re: Guidance needed on well known ports Ned Freed
- Re: Guidance needed on well known ports Brian E Carpenter
- Re: Guidance needed on well known ports Joe Touch
- Re: Guidance needed on well known ports Stephane Bortzmeyer
- Re: Guidance needed on well known ports Stephane Bortzmeyer
- Re: Guidance needed on well known ports Hallam-Baker, Phillip
- Re: Guidance needed on well known ports Hallam-Baker, Phillip
- Re: Guidance needed on well known ports Spencer Dawkins
- closing the port registry considered harmful (was… Keith Moore
- Re: Guidance needed on well known ports Keith Moore
- Re: Guidance needed on well known ports Andy Bierman
- Re: Guidance needed on well known ports Kjetil Torgrim Homme
- Re: Guidance needed on well known ports Eliot Lear
- Re: Guidance needed on well known ports Ned Freed
- Re: Guidance needed on well known ports Harald Alvestrand
- Re: Guidance needed on well known ports Keith Moore
- Re: Guidance needed on well known ports Hallam-Baker, Phillip
- Re: Guidance needed on well known ports Peter Dambier
- Re: Guidance needed on well known ports Keith Moore
- Re: Guidance needed on well known ports Hallam-Baker, Phillip
- Re: Guidance needed on well known ports Keith Moore
- Re: Guidance needed on well known ports Noel Chiappa
- Re: Guidance needed on well known ports Steven M. Bellovin
- Re: Guidance needed on well known ports Noel Chiappa
- Re: Guidance needed on well known ports Keith Moore
- Re: Guidance needed on well known ports Michael Thomas
- Re: Guidance needed on well known ports Ned Freed
- Re: Guidance needed on well known ports Peter Dambier
- Re: Guidance needed on well known ports Peter Dambier
- Re: Guidance needed on well known ports Ned Freed
- Re: Guidance needed on well known ports Steven M. Bellovin
- Re: Guidance needed on well known ports Brian E Carpenter
- Re: Guidance needed on well known ports Kjetil Torgrim Homme
- Re: Guidance needed on well known ports Simon Leinen
- Re: Guidance needed on well known ports Peter Dambier
- Re: Guidance needed on well known ports Joe Touch
- Re: Guidance needed on well known ports Joe Touch
- Re: Guidance needed on well known ports Joe Touch
- Re: Guidance needed on well known ports Joe Touch
- Re: Guidance needed on well known ports Stuart Cheshire
- Re: Guidance needed on well known ports Noel Chiappa
- Re: Guidance needed on well known ports Spencer Dawkins
- Re: Guidance needed on well known ports Steven M. Bellovin
- Re: Guidance needed on well known ports Noel Chiappa
- Re: Guidance needed on well known ports Eliot Lear
- Re: Guidance needed on well known ports Keith Moore
- Re: Guidance needed on well known ports Joe Touch
- Re: Guidance needed on well known ports Jeffrey Hutzelman
- Re: Guidance needed on well known ports Jeffrey Hutzelman
- Re: Guidance needed on well known ports Joe Touch
- Re: Guidance needed on well known ports Noel Chiappa
- Re: Guidance needed on well known ports Lyndon Nerenberg
- Re: Guidance needed on well known ports Steven M. Bellovin
- Re: Guidance needed on well known ports Eliot Lear
- Re: Guidance needed on well known ports Ned Freed
- Re: Guidance needed on well known ports Joe Touch
- Re: Guidance needed on well known ports Joe Touch
- Re: Guidance needed on well known ports Joe Touch
- Re: Guidance needed on well known ports Harald Alvestrand