Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!rbj
From: rbj@uunet.UU.NET (Root Boy Jim)
Newsgroups: comp.unix.wizards
Subject: Re: Wizard-level questions
Message-ID: <120840@uunet.UU.NET>
Date: 1 Feb 91 19:50:44 GMT
References: <1991Jan26.142403.22812@mp.cs.niu.edu> <120574@uunet.UU.NET> <5653@auspex.auspex.com>
Organization: UUNET Communications Services, Falls Church, VA
Lines: 25

In article <5653@auspex.auspex.com> guy@auspex.auspex.com (Guy Harris) writes:
>>Besides getpeername, there is the concept of privileged ports in UNIX.
>>They can be allocated only by root, and presumably root writes only
>>trusted programs. Like sendmail, ftp, and finger :-)
>
>In addition, that concept doesn't exist on other OSes, so if you have a
>program that expects only privileged programs to be coming in from
>privileged ports, may I attach a PC running DOS and some TCP/IP software
>to your network? I'm sure it'd be lots of fun....

OK, since Guy opened up this line of discussion I may as well pursue it.

All the network really guarantees you is the identity of the IP address,
and port number. It is your decision to trust a given host, and you
delegate trust over what its users do, to its administrators and
its operating system.

Actually, only the network part of the info is truly reliable.
Someone with a PC could wait until a well known trusted host
is down for backups or maintenance or whatever, claim to be it,
and the only way the rest of the net would know is if they
cared about the ARP mapping between ethernet address and IP address.
--
Root Boy Jim Cottrell
Close the gap of the dark year in between
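
An added example, not part of the original post: the post's closing point is that a machine claiming a trusted host's IP address is visible only as a change in the ARP mapping, so this Python sketch keeps a record of that mapping and reports when an observed binding contradicts it. The addresses, the PINNED table and the observation list are constructed for illustration.

```python
import re
from collections import namedtuple

# Constructed observations (seconds, sender IP, sender Ethernet address),
# standing in for ARP replies seen on the local segment.
OBSERVATIONS = [
    (0,    "192.0.2.10", "08:00:20:0a:0b:0c"),
    (30,   "192.0.2.20", "08:00:2b:11:22:33"),
    (60,   "192.0.2.10", "8:0:20:A:B:C"),        # same card, other notation
    (3600, "192.0.2.10", "00:00:c0:aa:bb:cc"),   # trusted IP, different card
    (3630, "192.0.2.30", "00:00:c0:aa:bb:cc"),   # that card answers for a second IP
]
# Assumption: hosts trusted by address, with the Ethernet address on record.
PINNED = {"192.0.2.10": "08:00:20:0a:0b:0c"}

Alert = namedtuple("Alert", "when kind ip old new")
_MAC = re.compile(r"[0-9a-f]{1,2}(:[0-9a-f]{1,2}){5}")

def normalize(mac):
    """Return the address as six lower-case, zero-padded hex octets."""
    text = mac.strip().lower().replace("-", ":")
    if not _MAC.fullmatch(text):
        raise ValueError("not an Ethernet address: %r" % (mac,))
    return ":".join(octet.zfill(2) for octet in text.split(":"))

def watch(observations, pinned):
    """Report bindings that contradict the record or an earlier observation."""
    last = {}     # IP -> Ethernet address last seen for it
    owners = {}   # Ethernet address -> IPs it has answered for
    alerts = []
    for when, ip, raw in observations:
        mac = normalize(raw)
        if ip in pinned and mac != normalize(pinned[ip]):
            alerts.append(Alert(when, "pinned-mismatch", ip, normalize(pinned[ip]), mac))
        elif ip in last and last[ip] != mac:
            alerts.append(Alert(when, "changed", ip, last[ip], mac))
        others = owners.setdefault(mac, set()) - {ip}
        if others:
            # Can be legitimate (proxy ARP, multi-homed host); worth a look.
            alerts.append(Alert(when, "shared-address", ip, ",".join(sorted(others)), mac))
        owners[mac].add(ip)
        last[ip] = mac
    return alerts

if __name__ == "__main__":
    for alert in watch(OBSERVATIONS, PINNED):
        print(alert)
```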