Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.unix.programmer > #17080
| From | cross@spitfire.i.gajendra.net (Dan Cross) |
|---|---|
| Newsgroups | comp.unix.programmer |
| Subject | Goodbye, Privileged Ports! [was Re: MacOS TCP port permissions] |
| Date | 2026-04-17 14:58 +0000 |
| Organization | PANIX Public Access Internet and UNIX, NYC |
| Message-ID | <10rthr1$449$2@reader1.panix.com> (permalink) |
| References | <10rq7hc$1b1bt$1@dont-email.me> <jv07bm-h8p.ln1@ID-313840.user.individual.net> <10rqsr8$1bra1$1@dont-email.me> |
In article <10rqsr8$1bra1$1@dont-email.me>, <boltar@caprica.universe> wrote: >On Thu, 16 Apr 2026 13:23:47 +0100 >Geoff Clare <geoff@clare.See-My-Signature.invalid> gabbled: >>boltar wrote: >> >>> I've just discovered that the current version of MacOS I'm running (15.7.5) >>> doesn't seem to enforce restricted TCP ports below 1024 and a process >>> without root permission seems to be able to open a listening socket on any >>> port it pleases. I'm using a standard user account without AFAIK any special >> >>> priviledges given to it. >>> >>> Perhaps MacOS never enforced this, anyone know? >> >>Apparently it changed in MacOS Mojave to match how iOS behaves. >> >>See https://developer.apple.com/forums/thread/674179 > >Cheers for that. Whoever "DTS Engineer" is he clearly doesn't understand the >reasons the restriction was put in in the first place - ie that the services >on low ports are the real deal and not maybe some credential snatcher spun >up by a user. eg, running a hacked version of sshd on port 22. You're right. That engineer probably never had to deal with computationally expensive cryptographic code on a slow VAX-11 computer with performance masured at less than one million instructions per second and RAM in the single-digit megabytes, running an operating system designed for unnetworked timesharing on a single machine, with no useful data that would let them securely authenticate users across an untrusted network (let alone provide mutual authentication of the server!), all while the system was loaded down with 20 interactive timesharing users all trying to do real work. Well, having dealt with that myself, all I can say is, thank goodness those days ended in the mid-1980s! - Dan C.
Back to comp.unix.programmer | Previous | Next — Previous in thread | Find similar
MacOS TCP port permissions boltar@caprica.universe - 2026-04-16 08:44 +0000
Re: MacOS TCP port permissions Geoff Clare <geoff@clare.See-My-Signature.invalid> - 2026-04-16 13:23 +0100
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-16 14:48 +0000
Re: MacOS TCP port permissions Richard Kettlewell <invalid@invalid.invalid> - 2026-04-16 20:29 +0100
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-17 10:31 +0000
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-17 14:04 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-17 14:41 +0000
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-17 15:20 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-17 15:50 +0000
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-17 16:09 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-18 10:28 +0000
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-18 15:06 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-18 15:26 +0000
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-18 15:48 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-18 15:52 +0000
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-18 15:56 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-18 15:59 +0000
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-18 16:12 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-19 09:02 +0000
Re: MacOS TCP port permissions scott@slp53.sl.home (Scott Lurndal) - 2026-04-18 15:56 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-18 15:58 +0000
Re: MacOS TCP port permissions Nuno Silva <nunojsilva@invalid.invalid> - 2026-04-19 00:05 +0100
Re: MacOS TCP port permissions Nuno Silva <nunojsilva@invalid.invalid> - 2026-04-19 00:01 +0100
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-18 23:50 +0000
Re: MacOS TCP port permissions scott@slp53.sl.home (Scott Lurndal) - 2026-04-17 19:56 +0000
Re: MacOS TCP port permissions Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2026-04-17 13:34 -0700
Re: MacOS TCP port permissions Richard Kettlewell <invalid@invalid.invalid> - 2026-04-17 22:53 +0100
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-17 22:56 +0000
Re: MacOS TCP port permissions Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2026-04-17 16:48 -0700
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-18 01:56 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-18 10:39 +0000
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-18 15:08 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-18 15:28 +0000
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-18 15:48 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-18 15:55 +0000
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-18 15:57 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-19 09:00 +0000
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-19 13:20 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-20 09:34 +0000
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-20 12:42 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-20 14:14 +0000
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-20 17:04 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-18 10:36 +0000
Re: MacOS TCP port permissions Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2026-04-18 17:54 -0700
Re: MacOS TCP port permissions baltar@caprica.prime - 2026-04-19 09:08 +0000
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-19 13:29 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-20 09:35 +0000
Re: MacOS TCP port permissions Nuno Silva <nunojsilva@invalid.invalid> - 2026-04-19 10:45 +0100
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-20 09:32 +0000
Re: MacOS TCP port permissions Nuno Silva <nunojsilva@invalid.invalid> - 2026-04-20 23:52 +0100
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-21 08:27 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-18 10:30 +0000
Re: MacOS TCP port permissions Richard Kettlewell <invalid@invalid.invalid> - 2026-04-17 20:09 +0100
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-18 10:32 +0000
Re: MacOS TCP port permissions Richard Kettlewell <invalid@invalid.invalid> - 2026-04-18 13:02 +0100
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-18 14:40 +0000
Re: MacOS TCP port permissions kalevi@kolttonen.fi (Kalevi Kolttonen) - 2026-04-18 15:14 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-18 15:29 +0000
Re: MacOS TCP port permissions kalevi@kolttonen.fi (Kalevi Kolttonen) - 2026-04-18 15:52 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-18 15:57 +0000
Re: MacOS TCP port permissions kalevi@kolttonen.fi (Kalevi Kolttonen) - 2026-04-18 15:59 +0000
Re: MacOS TCP port permissions Nuno Silva <nunojsilva@invalid.invalid> - 2026-04-19 00:24 +0100
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-18 23:53 +0000
Running sshd on another port does have merit - even if in theory it does not (Was: MacOS TCP port permissions) gazelle@shell.xmission.com (Kenny McCormack) - 2026-04-19 16:01 +0000
Re: Running sshd on another port does have merit - even if in theory it does not kalevi@kolttonen.fi (Kalevi Kolttonen) - 2026-04-19 16:28 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-19 09:03 +0000
Re: MacOS TCP port permissions Nuno Silva <nunojsilva@invalid.invalid> - 2026-04-19 10:26 +0100
Re: MacOS TCP port permissions Richard Kettlewell <invalid@invalid.invalid> - 2026-04-18 17:07 +0100
Re: MacOS TCP port permissions Lawrence D’Oliveiro <ldo@nz.invalid> - 2026-04-18 22:36 +0000
Re: MacOS TCP port permissions Lawrence D’Oliveiro <ldo@nz.invalid> - 2026-04-16 23:23 +0000
Re: MacOS TCP port permissions Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2026-04-16 16:34 -0700
Re: MacOS TCP port permissions Nuno Silva <nunojsilva@invalid.invalid> - 2026-04-17 01:00 +0100
Re: MacOS TCP port permissions Nicolas George <nicolas$george@salle-s.org> - 2026-04-17 07:12 +0000
Re: MacOS TCP port permissions Richard Kettlewell <invalid@invalid.invalid> - 2026-04-17 08:54 +0100
Re: MacOS TCP port permissions Nicolas George <nicolas$george@salle-s.org> - 2026-04-17 13:49 +0000
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-17 14:50 +0000
Re: MacOS TCP port permissions Nuno Silva <nunojsilva@invalid.invalid> - 2026-04-18 09:22 +0100
Re: MacOS TCP port permissions scott@slp53.sl.home (Scott Lurndal) - 2026-04-18 15:55 +0000
Re: MacOS TCP port permissions cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-18 16:09 +0000
Re: MacOS TCP port permissions boltar@caprica.universe - 2026-04-17 10:31 +0000
Re: MacOS TCP port permissions Lawrence D’Oliveiro <ldo@nz.invalid> - 2026-04-17 22:53 +0000
Goodbye, Privileged Ports! [was Re: MacOS TCP port permissions] cross@spitfire.i.gajendra.net (Dan Cross) - 2026-04-17 14:58 +0000
csiph-web