Hacker Newsnew | comments | show | ask | jobs | submit login

Traditionally only root could use ports lower than [1024]

As an aside, this is one of the more daft aspects of Unix. There's no reason whatsoever that http should need bits to run. The reasons cited for services such as ftp, smtp, imap, etc aren't very compelling, either. This restriction, ostensibly in the name of security, has in fact been a cause of a number of security problems.

In the silliness scale, it's up there with exposing numeric user IDs. (You can't do arithmetic with them for anything useful.)

I don't think you'd be very happy if the imap server crashed, a random user restarted it running as them, and then logged all the passwords entered...


No, I wouldn't. But so what? Putting trust in a service just because it's running on a low-numbered port is ridiculous.

If we want trustable services, there are ways to do that, although with mixed track records to be sure.

To try to create trustable services by assigning a range of ports to the superuser is clumsy in the extreme, and has all sorts of bad side effects.


Applications are open for YC Winter 2016

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact