From: cross@spitfire.i.gajendra.net (Dan Cross)
Newsgroups: comp.unix.programmer
Subject: Re: MacOS TCP port permissions
Date: Fri, 17 Apr 2026 14:50:11 -0000 (UTC)
Organization: PANIX Public Access Internet and UNIX, NYC
Message-ID: <10rthb3$449$1@reader1.panix.com>

In article <69e23a5a$0$992$426a74cc@news.free.fr>,
Nicolas George wrote:
>Richard Kettlewell, in message , wrote:
>> That only works in specific niches.
>>
>> * macOS is not the first OS to discard the ‘privileged port’ concept;
>>   Windows never had it.
>
>Only idiots run servers on these systems anyway.

What a ridiculously simplistic take.

Consider a corporate network with central administration of
e.g. Mac and Windows workstations: you know, the kind of network
that people use to actually get stuff done. Those workstations
almost certainly run some kind of service agent that provides
the interface for participating in the management system:
providing telemetry, updating software; all that kind of thing.
This obviously implies running some kind of "server" on those
systems.

Cryptographically authenticating those servers is far, far more
secure than relying on some notion of privileged "port". And
once all of your services are using strong authentication, what
is the value of restricting access to ports based on their
number?

	- Dan C.