
Re: Evaluation: draft-ietf-netconf-ssh-05.txt to Proposed Standard [I06-051127-0011]
McDonald, Ira wrote:
Eliot Lear wrote:
Ira,
If Netconf is not a _ubiquitous_ general replacement for SNMP
and other legacy configuration protocols for ALL network
elements, then it's not a critical system service - period.
SNMP didn't start as a ubiquitous replacement for anything.  It's a
mistake to make this decision based on popularity.  The question in my
opinion is ONLY a matter of who can bind the port and what impact it can
have.  Now, arguably one could argue that if you get your process
initiation order correct, this isn't a problem. On the other hand, if a
process can be killed, then the problem recurs.  This to me is the
technical issue.  It's not a political vanity.  If we were talking
about, oh, say, the "talk" or "finger" protocols, I'd feel differently...

Security through low-numbered ports is non-existent - this is old
thinking that certainly isn't reflected in many operating systems.
Security of local processes is NOT based on port numbers.

I stand by my 'political vanity issue' comment.

I agree with Eliot.
This is a technical issue for Unix implementations.
Even if a root process starts up on the netconf port,
it is less secure if this port number is not a system port.

Instead of gaining access as 'root' to masquerade as the
netconf agent, I just have to make the real agent crash,
then rebind to the >1024 port as a plain user.  This is weaker security
than forcing a hacker to gain access as 'root' before doing damage.

I don't think your argument that NETCONF "as of today"
is not widely used, and so is not "well known", is irrelevant.
Few (if any) protocols are in wide use before they are assigned port numbers by IANA.
Since it doesn't matter to you what the port number is,
but it does matter to a Unix developer, why not put it in
the system range?  Since the "system range" is pointless
in your view, what does it matter if we use up 3 of the 320 or so
remaining numbers?

As Eliot pointed out, what activities do you foresee more
privileged than device configuration, which should get the
remaining 30% of the system numbers?
Cheers,
- Ira

Andy
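
The two positions above (a system port forces an attacker to become root before
impersonating the agent, versus "security of local processes is not based on port
numbers") can be checked on an actual host.  The script below is an added example
written for this archive page; it is not code from Andy, Ira, Eliot or the netconf
draft.  It replays Andy's crash-and-rebind scenario on a port the kernel hands out
above the cutoff and, where the process is unprivileged, on a port just below it.
Assumptions, labelled in the code: Linux reads the cutoff from the sysctl
net.ipv4.ip_unprivileged_port_start (default 1024, and some container runtimes set
it to 0, which is Ira's "not reflected in many operating systems" point), and the
right to bind below the cutoff is root or the CAP_NET_BIND_SERVICE capability, not
the uid as such.  No real port number for NETCONF is assumed; the high port is
chosen by the kernel and the low port is simply one below the cutoff.

```python
"""Added example (not part of the NETCONF thread): what does a "system port"
actually buy a daemon, and what happens when it crashes?"""
import errno
import os
import socket
import sys

CAP_NET_BIND_SERVICE = 10  # Linux capability bit that permits binding below the cutoff


def privileged_port_cutoff():
    """First port an unprivileged process may bind.
    Linux exposes it as net.ipv4.ip_unprivileged_port_start (default 1024;
    some container runtimes set it to 0, which removes the restriction).
    Elsewhere the classic 1024 is assumed."""
    try:
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as f:
            return int(f.read().strip())
    except OSError:
        return 1024


def can_bind_privileged_ports():
    """True for root or, on Linux, for any process whose effective capability set
    holds CAP_NET_BIND_SERVICE: binding rights follow the capability, not the port."""
    try:
        with open("/proc/self/status") as f:
            for line in f:
                if line.startswith("CapEff:"):
                    return bool((int(line.split()[1], 16) >> CAP_NET_BIND_SERVICE) & 1)
    except OSError:
        pass
    return os.geteuid() == 0


def low_ports_are_restricted_here():
    """Whether this run should expect EACCES below the cutoff.  Only Linux is
    checked; macOS, for example, no longer restricts low ports at all."""
    return (sys.platform.startswith("linux")
            and privileged_port_cutoff() > 0
            and not can_bind_privileged_ports())


def try_bind(port, host=""):
    """Bind and listen on (host, port), then release it.  Returns (ok, errno):
    EACCES is the privileged-port refusal, EADDRINUSE means it is still held."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        s.listen(1)
        return True, None
    except OSError as e:
        return False, e.errno
    finally:
        s.close()


def free_high_port():
    """Let the kernel pick an unused ephemeral port (constructed test input)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("", 0))
        return s.getsockname()[1]


def crash_and_rebind(port):
    """Andy's scenario: the real agent listens, dies (socket closed), and an
    impostor with this script's privileges immediately binds the same port.
    Run it as a normal user to see the low-port case refused at both steps."""
    agent = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        agent.bind(("", port))
        agent.listen(1)
    except OSError as e:
        agent.close()
        return {"agent_started": False, "agent_errno": e.errno, "impostor_ok": False}
    agent.close()  # the crash: the kernel frees the port the instant the listener is gone
    ok, err = try_bind(port)
    return {"agent_started": True, "agent_errno": None,
            "impostor_ok": ok, "impostor_errno": err}


if __name__ == "__main__":
    cutoff = privileged_port_cutoff()
    print("euid=%d cutoff=%d may_bind_privileged=%s"
          % (os.geteuid(), cutoff, can_bind_privileged_ports()))
    print("high port:", crash_and_rebind(free_high_port()))
    if cutoff > 0:
        print("low port %d:" % (cutoff - 1), crash_and_rebind(cutoff - 1))
```

Run as an ordinary user on a stock Linux host, the high-port case reports the
impostor succeeding and the low-port case reports errno EACCES, which is Andy's
asymmetry.  Run it inside a container whose runtime sets the sysctl to 0, or with
CAP_NET_BIND_SERVICE granted to the binary, and the two cases behave the same,
which is Ira's.
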


--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>