Binding ssh to privileged port breaks rule (port < 1024 => system service)

Ola Sigurdson Ola at Sigurdson.SE
Mon Feb 14 23:54:00 EST 2000


I'm sure there is a rationale for binding the ssh client to a
privileged port. (Which?)

However there are several drawbacks to this:

o It breaks firewall rules that assume that user connections start at
port > 1024 or > 32768.

o It breaks monitoring software using the same assumptions.

o Every suid program is a separate evil (caused by the flawed security
model in most unices).

I therefore suggest that distributions ship with no suid.


Anyway, thanks for a great piece of software.
/Ola Sigurdson
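As an added illustration of the firewall/monitoring drawback described in the post above (this is example code written for this page, not code from the poster or from the OpenSSH project): a small Python classifier that applies the "local port < 1024 means system service" heuristic to a few constructed netstat-style connection records. The record format, the process names and the address values are all made up for the example; the port boundaries (0-1023 privileged, 32768 and up ephemeral) are the conventional ones the post refers to. Running it shows that an ssh client which bound a privileged source port is labelled a service by such a rule.

```python
"""Demonstrate how a 'source port < 1024 => system service' heuristic
misclassifies a client that binds a privileged port (e.g. a setuid ssh).

Added example for this page; the records below are constructed, not real."""
import re
from dataclasses import dataclass

PRIVILEGED_MAX = 1023     # ports 0-1023 need root to bind on traditional Unix
EPHEMERAL_START = 32768   # low end of the classic ephemeral (client) range

# Constructed netstat-style lines: proto, local addr:port, remote addr:port, state, process.
SAMPLE_CONNECTIONS = """\
tcp 10.0.0.5:1022  10.0.0.9:22    ESTABLISHED ssh
tcp 10.0.0.5:34512 10.0.0.9:22    ESTABLISHED ssh
tcp 10.0.0.5:22    10.0.0.7:45120 ESTABLISHED sshd
tcp 10.0.0.5:513   10.0.0.9:514   ESTABLISHED rsh
"""

LINE_RE = re.compile(r"^(\w+)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\S+)$")

# Hypothetical list of programs known to be outbound clients on this host.
KNOWN_CLIENTS = {"ssh", "rsh"}


@dataclass
class Connection:
    proto: str
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int
    state: str
    process: str


def parse_connections(text):
    """Parse the constructed netstat-style records; skip lines that do not match."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        proto, laddr, lport, raddr, rport, state, proc = m.groups()
        conns.append(Connection(proto, laddr, int(lport), raddr, int(rport), state, proc))
    return conns


def port_class(port):
    """Classify a port number by the conventional ranges."""
    if port <= PRIVILEGED_MAX:
        return "privileged"
    if port >= EPHEMERAL_START:
        return "ephemeral"
    return "registered"


def heuristic_role(conn):
    """The monitoring rule the post objects to: local port < 1024 => system service."""
    return "system-service" if port_class(conn.local_port) == "privileged" else "user-client"


def find_misclassified(conns):
    """Return (process, local_port) for known client programs that the rule labels as services."""
    return [
        (c.process, c.local_port)
        for c in conns
        if c.process in KNOWN_CLIENTS and heuristic_role(c) == "system-service"
    ]


if __name__ == "__main__":
    records = parse_connections(SAMPLE_CONNECTIONS)
    for c in records:
        print(f"{c.process:5} local port {c.local_port:5} ({port_class(c.local_port):10}) -> {heuristic_role(c)}")
    print("misclassified clients:", find_misclassified(records))
```

The `ssh` connection from port 1022 is reported as a system service, while the same client from port 34512 is seen as a user connection; a firewall or monitor built on this rule therefore treats the two identically-purposed sessions differently, which is exactly the inconsistency the post describes.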