This article was first written in May 2005 for the BeezNest technical
On UNIX, ports below 1024 are accessible only to the root user.
This has many implications: most standard network servers have to start as root anyway, because they use well-known ports (HTTP, SMTP, POP, IMAP, FTP, …).
To reduce the risk, most of them start as root, open the port(s) they need, and then change to another user. Apache, for example, works this way.