 Linux really needs to remove the “privileged ports” security theater bullshit. We’re no longer living in the mainframe era. The security properties of the Internet are different to mainframes. This is actually an anti-feature that either complicates life or actually compromises security (when folks run servers as root and forget to drop privileges , etc.). If anyone has any sway within the kernel team, etc., please do your thing. 20 comments
 @aral after Brexit, Johnson's win at the GE and all the shenanigans that followed pushed me to leave the UK, I made a point of using the American spelling everywhere I can. I know it sounds silly, but imagine if I go back to the UK and keep doing it :D  @aral how is it theatre? For example when I have to expose ssh to the internet I usually use port 2022 because at least that's one more layer of security, in case someone gets user access to the system and are able to crash the ssh service they can't start their own service that harvests passwords because it was on a privileged port. @aral @stemid I mean, there's just plenty of solutions. From what I read in your article you have found one through modifying a kernel parameter. Which means that the mechanism is implemented. It's just not enabled by default. I see lots of workarounds to your problem and Linux in itself doesn't prevent one from achieving the behavior you're looking for. @aral ok I read the post but all I can say is that I deploy services of all sorts of languages and frameworks for a living and I never have to give them any higher privileges. Because in production there is always a proxy in front of the service, and in dev they can use nonstandard ports. So I still see no reason to allow services to use privileged ports in my view. But we all have different perspectives. @stemid This is my use case: https://ar.al/2020/08/07/what-is-the-small-web/ We need to set up your own Facebook on your own server in under a minute with no technical knowledge required on your part. And democratise development while we’re at it as much as possible. So no front controller/proxy, etc., setups. Think lightweight server with in-process database. But, beyond use cases, again, it provides no real security unless you’re administering a System/360. @stemid "oh no, someone already got access to our system and starts collecting its data, I'm sure it's not too late to stop everything!" @hatkidchan it's absolutely not too late. System access does not mean access to sensitive data. That is precisely why Linux has things like multiple users accounts, file permissions, promiscuous mode networking, and of course more advanced MAC systems like selinux. So no the battle is absolutely not lost just because someone has access to a system.  @aral stopped reading the article after "And this does not work if the daemon is written in Java, which is quite popular for web servers." @demvw Just = the only reason you need sudo during an installation process. These things have usability ramifications. @aral I did read the articles. In embedded we also use selinux to lock everything down even more. |
Gregory's Server
Bloody autocorrect got me with the American spelling of the word in the end. I knew it would one day :)