to me that seems like a rather insecure way of organizing things because that means that all your public services will be root controled ready for some hacker with a buffer overflow to format your hard drive using root's priv's.
Lotsa daemons allow you to configure (or compile) them to run under an account with less privileges after binding to a privileged port. Take for instance Apache. The "parent" process runs a root, which allows it to bind to a "low" port, and then creates some child processes that run with less privileges. Those child processes only task is to serve pages, the parent doesn't interact with them in any way and so cannot be (easily) compromised. Processes that don't have process separation or posess a risk in other ways can be chrooted or ran inside UML. A chroot means that even if the daemon was told to perform some unholy action that allowed an attacker to execute commands with the id of the process, it would be contained inside a "jail" that, if configured well, can't be broken out of (easily). (Please check out the
LQ FAQ: Security references, hardening.) UML means running Linux inside Linux. A more versatile way of restricting processes from harming the system.
my question; is there a kernel patch or some command toward the proc filesystem that can change this so that normal user programs can use lower numbered ports (ie; 80)
if everything I said is incorrect, please do point and laugh.
Like I've said times and times before,
in my humble opinions there are no stupid questions.
The only thing that's stupid is *not* asking.
