Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 21 Feb 2003 06:20:59 -0700 (MST)
From:      "M. Warner Losh" <imp@bsdimp.com>
To:        ru@FreeBSD.org
Cc:        cjc@FreeBSD.org, src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/netinet in_pcb.c
Message-ID:  <20030221.062059.34122968.imp@bsdimp.com>
In-Reply-To: <20030221131205.GE30966@sunbay.com>
References:  <200302210528.h1L5SS0H092948@repoman.freebsd.org> <20030221131205.GE30966@sunbay.com>

next in thread | previous in thread | raw e-mail | index | archive | help
One implication of this is that if you have a server running on a
used-to-be priviledged port and now run it on a no-privs port your
machine has more potential for compromise.  If an attacker can make
that server die, and has an accaount on your machine, that attacker
can replace the daemon with his own by winning the restart race.  With
priviledged ports, root was the only one that mattered.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-src" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030221.062059.34122968.imp>