From owner-freebsd-security Tue Jun 22 11: 1:50 1999
Delivered-To: freebsd-security@freebsd.org
Received: from aniwa.sky (p32-max12.wlg.ihug.co.nz [216.100.145.32])
    by hub.freebsd.org (Postfix) with ESMTP id E057514D10
    for ; Tue, 22 Jun 1999 11:01:42 -0700 (PDT)
    (envelope-from andrew@scoop.co.nz)
Received: from aniwa.sky (localhost [127.0.0.1])
    by aniwa.sky (8.9.1a/8.9.1) with ESMTP id FAA07268;
    Wed, 23 Jun 1999 05:58:37 +1200 (NZST)
Message-Id: <199906221758.FAA07268@aniwa.sky>
X-Mailer: exmh version 2.0.2 2/24/98
To: Dag-Erling Smorgrav
Cc: Michael Richards <026809r@dragon.acadiau.ca>, freebsd-security@FreeBSD.ORG
Subject: Re: Allowing non root users to bind low ports
In-reply-to: Your message of "21 Jun 1999 14:55:04 +0200."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 23 Jun 1999 05:58:36 +1200
From: Andrew McNaughton
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Michael Richards <026809r@dragon.acadiau.ca> writes:
> > I was giving this concept a little thought. If I'm not root and I can bind
> > a low port, let's say the telnet port. I could write myself a fake telnet
> > daemon and run it. Sooner or later, someone is going to try using it...
> > This whole thing about non-root users binding to low ports would only be
> > useful if there are no shell accounts on a machine IMO.
>
> Well, duh. That's why we want to turn this off before going multiuser
> (but after starting stuff like sendmail etc.)

That approach is of limited use unless you're prepared to reboot your machine
every time you want to change your sendmail configuration.

Sounds too much like Windows for my liking. Nothing short of reconfiguring
the kernel or a make world should require a reboot.

Andrew McNaughton

--
Andrew McNaughton
+64 4 389 6891
andrew@scoop.co.nz
http://www.scoop.co.nz/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message