Subject: Goodbye, Privileged Ports! [was Re: MacOS TCP port permissions]
From: cross (at) *nospam* spitfire.i.gajendra.net (Dan Cross)
Newsgroups: comp.unix.programmer
Date: 17. Apr 2026, 15:58:41
Organization: PANIX Public Access Internet and UNIX, NYC
Message-ID: <10rthr1$449$2@reader1.panix.com>
References: 1 2 3
User-Agent: trn 4.0-test77 (Sep 1, 2010)

In article <10rqsr8$1bra1$1@dont-email.me>, <boltar@caprica.universe> wrote:
> On Thu, 16 Apr 2026 13:23:47 +0100
> Geoff Clare <geoff@clare.See-My-Signature.invalid> gabbled:
>> boltar wrote:
>>>
>>> I've just discovered that the current version of MacOS I'm running (15.7.5)
>>> doesn't seem to enforce restricted TCP ports below 1024 and a process
>>> without root permission seems to be able to open a listening socket on any
>>> port it pleases. I'm using a standard user account without AFAIK any special
>>> privileges given to it.
>>> Perhaps MacOS never enforced this, anyone know?
>>
>> Apparently it changed in MacOS Mojave to match how iOS behaves.
>>
>> See https://developer.apple.com/forums/thread/674179
>
> Cheers for that. Whoever "DTS Engineer" is he clearly doesn't understand the
> reasons the restriction was put in in the first place - ie that the services
> on low ports are the real deal and not maybe some credential snatcher spun
> up by a user. eg, running a hacked version of sshd on port 22.

You're right.
That engineer probably never had to deal with computationally
expensive cryptographic code on a slow VAX-11 computer with
performance measured at less than one million instructions per
second and RAM in the single-digit megabytes, running an
operating system designed for unnetworked timesharing on a
single machine, with no useful data that would let them securely
authenticate users across an untrusted network (let alone
provide mutual authentication of the server!), all while the
system was loaded down with 20 interactive timesharing users all
trying to do real work.
Well, having dealt with that myself, all I can say is, thank
goodness those days ended in the mid-1980s!
- Dan C.
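
An added example, not part of the original posts: a small C probe that checks from an unprivileged account whether the host still reserves TCP ports below 1024, the behaviour discussed in this thread. The function names, the 1000-1023 probe range and the choice of the wildcard address are assumptions of this example.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum verdict { INCONCLUSIVE = -1, NOT_ENFORCED = 0, ENFORCED = 1 };

/* Bind a TCP socket to the wildcard address on `port`.
 * Returns 0 on success, otherwise the errno of the failing call. */
int try_bind(unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return errno;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    int err = bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 ? 0 : errno;
    close(fd);
    return err;
}

/* Interpret one bind result for a process with effective uid `euid`. */
enum verdict classify(uid_t euid, int bind_errno)
{
    if (euid == 0) return INCONCLUSIVE;           /* root may bind any port */
    if (bind_errno == 0) return NOT_ENFORCED;     /* low-port bind succeeded */
    if (bind_errno == EACCES) return ENFORCED;    /* kernel refused the port */
    return INCONCLUSIVE;                          /* e.g. EADDRINUSE */
}

/* Walk down from 1023 until a port gives a conclusive answer. */
enum verdict probe_low_ports(void)
{
    for (unsigned short p = 1023; p >= 1000; p--) {
        enum verdict v = classify(geteuid(), try_bind(p));
        if (v != INCONCLUSIVE) return v;
    }
    return INCONCLUSIVE;
}

int main(void)
{
    static const char *msg[] = { "inconclusive", "not enforced", "enforced" };
    printf("privileged-port restriction: %s\n", msg[probe_low_ports() + 1]);
    return 0;
}
```

On Linux a "not enforced" result can also mean the process holds CAP_NET_BIND_SERVICE or that `net.ipv4.ip_unprivileged_port_start` has been lowered, so check those before drawing conclusions about the kernel default.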