Wizard-level questions
Root Boy Jim
rbj at uunet.UU.NET
Sat Feb 2 06:50:44 AEST 1991
In article <5653 at auspex.auspex.com> guy at auspex.auspex.com (Guy Harris) writes:
>>Besides getpeername, there is the concept of privileged ports in UNIX.
>>They can be allocated only by root, and presumably root writes only
>>trusted programs. Like sendmail, ftp, and finger :-)
>
>In addition, that concept doesn't exist on other OSes, so if you have a
>program that expects only privileged programs to be coming in from
>privileged ports, may I attach a PC running DOS and some TCP/IP software
>to your network? I'm sure it'd be lots of fun....
OK, since Guy opened up this line of discussion I may as well persue it.
All the network really guarantees you is the identity of the IP address,
and port number. It is your decision to trust a given host, and you
delegate trust over what its users do, to its administrators and
its operating system.
Actually, only the network part of the info is truly reliable.
Someone with a PC could wait until a well known trusted host
is down for backups or maintenance or whatever, claim to be it,
and the only way the rest of the net would know is if they cared
about the ARP mapping between ethernet address and IP address.
--
Root Boy Jim Cottrell <rbj at uunet.uu.net>
Close the gap of the dark year in between
More information about the Comp.unix.wizards
mailing list