
LCE: The failure of operating systems and how we can fix it

Posted Jun 29, 2014 8:50 UTC (Sun) by stevenp129 (guest, #97662)
In reply to: LCE: The failure of operating systems and how we can fix it by dlang
Parent article: LCE: The failure of operating systems and how we can fix it

what about the fact that if a user could bind to a low level port, they could take advantage of race conditions, and put up a web server (or proxy) in place of the intended appliance?

if user BOB wrote a program to constantly monitor Apache, and the second its PID dies, he was to fire up his own web server on port 80, he could steal sensitive information and passwords (with great ease).

on a shared hosting service (for example), if somebody neglected to update their CMS to the latest version, and the host runs their webserver without a Chroot... a simple bug or exploit in a website could, in turn, allow a rogue PHP or CGI Script to take over the entire server! not good!

or imagine your DNS server going down! due to a hostile takeover... they could redirect traffic to their own off-site server, and perform phishing attacks against you and all your clients this way!

Of course there are legitimate reasons to forbid those without privs to bind to ports less than 1024... I'm not sure what is so "stupid" about this idea?




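A monitoring check for the scenario the comment above describes, added here as an example and not part of the comment or of LWN's page: it reads a listener table in the Linux `/proc/net/tcp` layout and reports low-port listeners owned by an unexpected UID, plus expected ports with no listener at all. The sample table, the UIDs and the `policy` mapping are constructed, and the sample assumes a host where unprivileged binds to low ports have been permitted.

```python
"""Flag LISTEN sockets on ports below 1024 that are owned by an unexpected UID."""

LISTEN = "0A"          # TCP_LISTEN state code in /proc/net/tcp
PRIVILEGED_MAX = 1023  # highest port covered by the traditional restriction

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 41001 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 41002 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 41003 1 0000000000000000 100 0 0 10 0
   3: 0100007F:0050 0100007F:C350 01 00000000:00000000 00:00000000 00000000    33        0 41004 1 0000000000000000 100 0 0 10 0
"""


def listeners(table):
    """Yield (port, uid, inode) for every socket in LISTEN state."""
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != LISTEN:
            continue
        port = int(f[1].rsplit(":", 1)[1], 16)   # local_address is HEXIP:HEXPORT
        yield port, int(f[7]), int(f[9])


def unexpected_low_port_listeners(table, expected):
    """expected maps port -> set of UIDs allowed to own its listener (assumed policy)."""
    return [(port, uid, inode)
            for port, uid, inode in listeners(table)
            if port <= PRIVILEGED_MAX and uid not in expected.get(port, set())]


def missing_listeners(table, expected):
    """Expected ports with no listener: the window in which the port could be taken."""
    seen = {port for port, _, _ in listeners(table)}
    return sorted(p for p in expected if p not in seen)


if __name__ == "__main__":
    policy = {80: {0}, 22: {0}, 53: {0}}         # constructed policy: root owns these
    for port, uid, inode in unexpected_low_port_listeners(SAMPLE, policy):
        print(f"port {port}: listener owned by uid {uid} (inode {inode})")
    print("no listener on:", missing_listeners(SAMPLE, policy))
```

On a live host the same functions can be given the contents of `/proc/net/tcp`; IPv6 listeners appear separately in `/proc/net/tcp6`.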
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds