[ZODB-Dev] ZEO signal feature

Christian Reis kiko@async.com.br
Mon, 7 Oct 2002 20:12:44 -0300


On Mon, Oct 07, 2002 at 06:44:50PM -0400, Greg Ward wrote:
> On 07 October 2002, Christian Reis said:
> > Maybe better, but not simpler. It's the Unix standard to run daemons in
> > low-numbered ports, and we know the reasons for it.
> 
> Really?  I thought the reasoning was something along these lines:
> 
>   * Unix only allows root to listen to low-numbered ports
>   * all Internet hosts are Unix machines
>   * all Unix machines are run by nice people
>   * therefore, connecting to a low-numbered TCP port doesn't
>     expose me to much danger
> 
> That reasoning may have been defensible in 1988, but it's not now.  HTTP
> daemons have to listen to port 80, and SMTP daemons have to listen to
> port 25, but why the heck does a ZEO daemon have to listen to a
> low-numbered port?

Well, that's one way to see it. I posted a bit prematurely, perhaps, but
there is some logic behind all this.

It's a fact that we do trust the root account is secure on boxes we are
connecting to (assuming that box really is the box we intended to
connect to). This to a certain extent means that all services running on
a low-number port for host foo.bar.baz are "legit" (DNS and IP-spoofing
aside, which could be the point of your message), since they require
root to bind. That's why I'm saying running ZEO on a low-numbered port
is a cheap alternative to provide some guarantee that the ZEO is the
real one (and not a fake one set up by *any* local user to replace the
crashed real one, as Toby and I discussed a while back).

It might not be the best solution, but it's one that is commonly used
AFAICS. SSH does a lot more than this, of course, using certificates for
both client and server. I don't think SSH and ZEO are necessarily
required to be on the same level of security, but YMMV.

Having said that, PostgreSQL and MySQL use high-numbered ports by
default, as do other popular services. They are subject to the same kind
of trojanizing as any other high-port service. So it may very well be a
dumb idea. I guess I just wanted to bring it up. :-)

Take care,
--
Christian Reis, Senior Engineer, Async Open Source, Brazil.
http://async.com.br/~kiko/ | [+55 16] 261 2331 | NMFL
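
Added example, not part of the original message and not ZEO code: the message's concern is that any local user can bind a high port after the real daemon crashes. On a Linux host, one local check is to read the owning uid of the listening socket from a /proc/net/tcp-style table and compare it with the service account. Port 9090, uid 1001 and the sample rows are constructed assumptions.

```python
# Assumption: the storage server should listen on port 9090 as uid 1001.
# SAMPLE is constructed in /proc/net/tcp layout, not captured from a real host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:2382 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0100007F:2382 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1001        0 33333 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = 0x0A  # socket state code for LISTEN in /proc/net/tcp


def listeners(table_text):
    """Yield (port, uid) for every socket in LISTEN state."""
    for line in table_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 10 or int(fields[3], 16) != TCP_LISTEN:
            continue                              # short row or not listening
        port = int(fields[1].rsplit(":", 1)[1], 16)   # local_address is HEXIP:HEXPORT
        yield port, int(fields[7])                # column 7 is the owning uid


def check_listener(table_text, port, expected_uid):
    """Return 'ok', 'missing' or 'wrong-owner:<uids>' for the given port."""
    owners = {uid for p, uid in listeners(table_text) if p == port}
    if not owners:
        return "missing"          # daemon is down: the port is free for anyone to take
    unexpected = sorted(owners - {expected_uid})
    if unexpected:
        return "wrong-owner:" + ",".join(str(u) for u in unexpected)
    return "ok"


if __name__ == "__main__":
    print(check_listener(SAMPLE, 9090, 1001))   # listener owned by the service account
    print(check_listener(SAMPLE, 9090, 1002))   # same port, different expected owner
    print(check_listener(SAMPLE, 8100, 1001))   # nothing listening on this port
```

On a live host the same functions can be fed the contents of /proc/net/tcp. This only tells an administrator on the server who owns the socket; it gives a remote client no assurance about what it connected to.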