[Nix-dev] Can non-root users open new ports?
Vladimír Čunát
vcunat at gmail.com
Sat Jun 1 21:17:33 CEST 2013
On 06/01/2013 09:07 PM, Cai Chen wrote:
> Thank you, Vlad. I think leaving non-privileged ports (above 1024) wide
> open has serious security implication. People still can ping ip:port and
> knock the server down. Is my concern valid? Is there a way to secure our
> nixos server but still give our non-root users ability to open any port
> above 1024?
Many don't consider that a security problem (including me)... you can
read that in the link I sent :-)
Users have to open the ports and the attacker could only gain privileges
of the user in the worst case (if the user ran something dangerous on
the port). I suppose it depends on what you do on the machine.
Vlada
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3251 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.science.uu.nl/pipermail/nix-dev/attachments/20130601/0250e557/attachment.bin
More information about the nix-dev
mailing list