为什么低于1024的端口是特权？ [英] Why are ports below 1024 privileged?

问题描述

我听说这是一个安全功能，但它通常看起来像是一个安全问题。如果我想编写一个使用特权端口的服务器，我不仅要担心代码的安全性，我还要特别担心我是否正确使用setuid和删除权限。

I've heard it's meant to be a security feature, but it often seems like a security problem. If I want to write a server that uses a privileged port, not only do I have to worry about how secure my code is, I have to especially worry about whether I'm using setuid right and dropping privileges.

推荐答案

是的。但这也意味着任何与您交谈的人都知道您必须拥有root权限才能运行该服务器。当您在端口22（例如）上登录服务器时，您知道您正在与root运行的进程（除了安全问题）进行通信，因此您可以信任该系统的密码或其他信息。不信任在该系统上拥有用户帐户的任何人。

True. But it also means that anyone talking to you knows that you must have to root privileges to run that server. When you log in to a server on port 22 (say), you know you're talking to a process that was run by root (security problems aside), so you trust it with your password for that system, or other information you might not trust to anyone with a user account on that system.

参考： http://www.w3.org/Daemon/User/Installation/PrivilegedPorts.html 。

编辑以详细说明推理：许多最重要的网络服务 - telnet（是的，它仍然使用 - 经常令人惊讶），SSH，许多HTTP服务，FTP等等 - 涉及通过网络发送密码等重要数据。在安全设置中，某种加密，无论是协议中固有的（SSH）还是包裹它（stunnel，IPSec），都可以保护数据不被窃听，但所有这些保护都在服务器上结束。

Edit to elaborate on the reasoning: a lot of the most important network services - telnet (yes, it's still used - surprisingly often), SSH, many HTTP services, FTP etc. etc. - involve sending important data like passwords over the wire. In a secure setup some sort of encryption, whether inherent in the protocol (SSH) or wrapped around it (stunnel, IPSec), protects the data from being snooped on the wire, but all these protections end at the server.

为了正确保护您的数据，您需要确保正在与真正的服务器通信。今天，安全证书是在网络（以及其他地方）执行此操作的最重要方式：您假设只有真正的服务器才能访问证书，因此如果您确认要与之通话的服务器具有该证书，则我会信任它。

In order to protect your data properly, you need to be sure that you're talking to the 'real' server. Today secure certificates are the most important way of doing this on the web (and elsewhere): you assume that only the 'real' server has access to the certificate, so if you verify that the server you're talking to has that certificate you'll trust it.

特权端口以非常类似的方式工作：只有root可以访问特权端口，因此如果您正在与特权端口通信，那么您就知道了正在和root谈话。这在现代网络上并不是很有用：重要的是服务器的身份，而不是IP。在其他类型的网络中，情况并非如此：例如，在学术网络中，服务器通常由安全房间中受信任的工作人员进行物理控制，但学生和工作人员可以作为用户自由访问。在这种情况下，通常可以安全地假设您始终可以信任root，因此您可以安全地登录并将私有数据发送到特权端口。如果普通用户可以监听所有端口，则需要一个额外的层来验证特定程序是否受某些数据信任。

Privileged ports work in a very similar way: only root has access to privileged ports, so if you're talking to a privileged port you know you're talking to root. This isn't very useful on the modern web: what matters is the identity of the server, not its IP. In other types of networks, this isn't the case: in an academic network, for example, servers are often physically controlled by trusted staff in secure rooms, but students and staff have quite free access as users. In this situation it's often safe to assume you can always trust root, so you can log in and send private data to a privileged port safely. If ordinary users could listen on all ports, you'd need a whole extra layer to verify that a particular program was trusted with certain data.

这篇关于为什么低于1024的端口是特权？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！