mastodon.ar.al is one of the many independent Mastodon servers you can use to participate in the fediverse.
This is my personal fediverse server.


Linux really needs to remove the “privileged ports” security theater bullshit.

We’re no longer living in the mainframe era. The security properties of the Internet are different to mainframes. This is actually an anti-feature that either complicates life or actually compromises security (when folks run servers as root and forget to drop privileges, etc.).

If anyone has any sway within the kernel team, etc., please do your thing.

source.small-tech.org/site.js/

GitLab: Disable privileged ports security theatre on Linux instead of using setcap (#169) · Issues · Site.js / app
Summary: Currently, we’re using setcap to grant the CAP_NET_BIND_SERVICE privilege to allow Node.js (during development and testing) and the Site.js binary...

@aral how is it theatre? For example, when I have to expose ssh to the internet I usually use port 2022 because at least that's one more layer of security, in case someone gets user access to the system and is able to crash the ssh service they can't start their own service that harvests passwords because it was on a privileged port.

@stemid Please see the linked page (and the articles linked to that) :)

@aral @stemid I mean, there are just plenty of solutions. From what I read in your article you have found one through modifying a kernel parameter. Which means that the mechanism is implemented. It's just not enabled by default.

I see lots of workarounds to your problem and Linux in itself doesn't prevent one from achieving the behavior you're looking for.

Aral Balkan

@paillp @stemid Yes, and those workarounds complicate workflows and create usability issues.
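Added example, not part of the thread or of the Site.js code: a small audit check for the three routes discussed above (running as root, `setcap` with CAP_NET_BIND_SERVICE, and the kernel parameter), which flags a server that can bind a low port only because it still holds far more privilege than it needs. The thread does not name the kernel parameter; this assumes it is `net.ipv4.ip_unprivileged_port_start`, and the `/proc/<pid>/status` samples are constructed.

```python
CAP_NET_BIND_SERVICE = 10  # bit index, from <linux/capability.h>
SYSCTL_PATH = "/proc/sys/net/ipv4/ip_unprivileged_port_start"  # assumed parameter

# Constructed samples of /proc/<pid>/status (trimmed), not captured output.
SAMPLES = {
    "root server, privileges never dropped":
        "Uid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n",
    "binary granted the capability via setcap":
        "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000400\n",
    "ordinary user process":
        "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n",
}

def parse_cap_eff(status_text):
    """Extract the effective capability bitmask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line in status text")

def bind_verdict(port, cap_eff, unprivileged_start=1024):
    """Say why a process may (or may not) bind `port`, flagging excess privilege."""
    if port >= unprivileged_start:
        return "allowed: port is outside the privileged range"
    bind_bit = 1 << CAP_NET_BIND_SERVICE
    if not cap_eff & bind_bit:
        return "denied: needs CAP_NET_BIND_SERVICE"
    if cap_eff & ~bind_bit:
        return "allowed, but over-privileged: holds capabilities beyond bind"
    return "allowed: CAP_NET_BIND_SERVICE only"

def read_unprivileged_start(path=SYSCTL_PATH):
    """Read the live sysctl; fall back to the kernel default of 1024."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return 1024

if __name__ == "__main__":
    start = read_unprivileged_start()
    print(f"ip_unprivileged_port_start = {start}")
    for label, status in SAMPLES.items():
        verdict = bind_verdict(443, parse_cap_eff(status), start)
        print(f"{label}: port 443 -> {verdict}")
```

To audit a live process, pass the contents of its `/proc/<pid>/status` file to `parse_cap_eff` instead of a sample.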