The idea of privileged ports is deprecated


Once upon a time, the original idea of high and low (< 1024) ports was a... well, good one, I guess.

 

The idea was that, when a service was running on a low port, the service must have been started by the administrator of that system, so that service must be deemed safe.

 

Obviously, with networking changing over the last 20 years or so (rise of the internet et al.), this idea has been deprecated for at least 10 of those years.

 

A service with normal user permissions should therefore be allowed to run on sockets < 1024. This prevents daemons such as sendmail from needing a SUID bit, even though it'll drop privileges as soon as it has the socket.
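The bind-then-drop sequence the post mentions for daemons such as sendmail, as an added example that is not part of the original post. The function names and the target uid/gid 65534 ("nobody" on many Linux systems) are assumptions.

```python
import os
import socket

PRIVILEGED_PORT_LIMIT = 1024  # classic Unix rule: binding below this needs root


def bind_listener(port, host="127.0.0.1"):
    """Bind a TCP listener. Returns the socket, or None if the kernel
    refuses the bind with EACCES (unprivileged process, low port)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        sock.bind((host, port))
    except PermissionError:
        sock.close()
        return None
    sock.listen(16)
    return sock


def drop_privileges(uid, gid):
    """Permanently give up root after the socket is bound.
    Returns True if a drop happened, False if we were never root."""
    if os.geteuid() != 0:
        return False
    os.setgroups([])  # clear supplementary groups while we still can
    os.setgid(gid)    # group first: after setuid() this would be refused
    os.setuid(uid)    # sets real, effective and saved uid when called as root
    try:
        os.setuid(0)  # must fail, otherwise the drop was not permanent
    except PermissionError:
        return True
    raise RuntimeError("privilege drop was reversible")


def start_daemon(port, uid=65534, gid=65534):
    """Bind first (the only step that needs root), then drop.
    uid/gid 65534 is an assumed unprivileged account for this example."""
    sock = bind_listener(port)
    if sock is None:
        return None, False
    return sock, drop_privileges(uid, gid)
```

The already-bound socket stays usable after the drop, so root is needed only for the `bind()` call itself.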

Responses