为什么低于 1024 的端口有特权? [英] Why are ports below 1024 privileged?

问题描述

我听说它是​​一种安全功能，但它通常看起来像是一个安全问题.如果我想写一个使用特权端口的服务器，我不仅要担心我的代码有多安全，我还要特别担心我是否正确使用setuid并丢弃了特权.

I've heard it's meant to be a security feature, but it often seems like a security problem. If I want to write a server that uses a privileged port, not only do I have to worry about how secure my code is, I have to especially worry about whether I'm using setuid right and dropping privileges.

推荐答案

True.但这也意味着与您交谈的任何人都知道您必须拥有 root 权限才能运行该服务器.当您在端口 22 上登录服务器时(例如)，您知道您正在与一个由 root 运行的进程(安全问题不谈)进行对话，因此您可以使用该系统的密码或其他信息信任它不要信任在该系统上拥有用户帐户的任何人.

True. But it also means that anyone talking to you knows that you must have to root privileges to run that server. When you log in to a server on port 22 (say), you know you're talking to a process that was run by root (security problems aside), so you trust it with your password for that system, or other information you might not trust to anyone with a user account on that system.

参考:http://www.w3.org/Daemon/User/Installation/PrivilegedPorts.html.

编辑以详细说明推理:许多最重要的网络服务 - telnet(是的，它仍然被使用 - 令人惊讶地经常使用)、SSH、许多 HTTP 服务、FTP 等 - 涉及发送密码等重要数据电线.在安全设置中，某种加密，无论是在协议 (SSH) 中固有的还是围绕它的 (stunnel、IPSec)，都可以保护数据免于在网络上被窥探，但所有这些保护都在服务器端结束.

Edit to elaborate on the reasoning: a lot of the most important network services - telnet (yes, it's still used - surprisingly often), SSH, many HTTP services, FTP etc. etc. - involve sending important data like passwords over the wire. In a secure setup some sort of encryption, whether inherent in the protocol (SSH) or wrapped around it (stunnel, IPSec), protects the data from being snooped on the wire, but all these protections end at the server.

为了正确保护您的数据，您需要确保您正在与真实"服务器通话.今天，安全证书是在网络(和其他地方)上执行此操作的最重要方式:您假设只有真实"服务器可以访问证书，因此如果您验证您正在与之交谈的服务器具有该证书，您会相信它.

In order to protect your data properly, you need to be sure that you're talking to the 'real' server. Today secure certificates are the most important way of doing this on the web (and elsewhere): you assume that only the 'real' server has access to the certificate, so if you verify that the server you're talking to has that certificate you'll trust it.

特权端口的工作方式非常相似:只有 root 可以访问特权端口，因此如果您正在与特权端口通话，您就知道您正在与 root 通话.这在现代网络上不是很有用:重要的是服务器的身份，而不是它的 IP.在其他类型的网络中，情况并非如此:例如，在学术网络中，服务器通常由安全房间中受信任的工作人员物理控制，但学生和工作人员作为用户可以自由访问.在这种情况下，通常可以安全地假设您始终可以信任 root，因此您可以安全地登录并将私有数据发送到特权端口.如果普通用户可以侦听所有端口，则您需要一个额外的层来验证特定程序是否受某些数据的信任.

Privileged ports work in a very similar way: only root has access to privileged ports, so if you're talking to a privileged port you know you're talking to root. This isn't very useful on the modern web: what matters is the identity of the server, not its IP. In other types of networks, this isn't the case: in an academic network, for example, servers are often physically controlled by trusted staff in secure rooms, but students and staff have quite free access as users. In this situation it's often safe to assume you can always trust root, so you can log in and send private data to a privileged port safely. If ordinary users could listen on all ports, you'd need a whole extra layer to verify that a particular program was trusted with certain data.

这篇关于为什么低于 1024 的端口有特权?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！