Subject: Re: $HOSTALIASES thing.
To: Robert Elz <kre@munnari.OZ.AU>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-kern
Date: 11/03/2000 23:07:38
>If you're thinking of the security associated with priv ports as being
>"that connection came from port 513, hence I really can trust that the
>user is who he claims to be, because that kernel wouldn't lie to me"
>then you're right, that's bogus.
In general: sure, no question. I had to make the point very
forcefully about 15 years ago.
However, there are still private or semi-private networks with small
trusted user and OS populations, where this protection model does
make sense.
So please don't throw it away altogether, because there are still
environments where it is useful, as weak as it is.