Binding ssh to priviledged port breaks rule (port < 1024 => system service)
Ola Sigurdson
Ola at Sigurdson.SE
Mon Feb 14 23:54:00 EST 2000
I'm sure there is a rationale for binding the ssh client to a
priviledged port. (Which?)
However there are several drawbacks to this:
o It breaks firewall rules that assume that user connections start at
port > 1024 or > 32768.
o It breaks monitoring software using the same assumptions.
o Every suid program is a separate evil (caused by the flawed security
model in most unices).
I therefore suggest that distribution ship with no suid.
Anyway, thanks for a great piece of software.
/Ola Sigurdson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 1116 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20000214/5aea133f/attachment.bin
More information about the openssh-unix-dev
mailing list