Date: Fri, 21 Feb 2003 16:15:30 +0200
From: Ruslan Ermilov
To: Dag-Erling Smorgrav
Cc: "Jacques A. Vidrine", "M. Warner Losh", cjc@freebsd.org, src-committers@freebsd.org, cvs-src@freebsd.org, cvs-all@freebsd.org
Subject: Re: cvs commit: src/sys/netinet in_pcb.c
Message-ID: <20030221141530.GC44424@sunbay.com>

On Fri, Feb 21, 2003 at 03:09:57PM +0100, Dag-Erling Smorgrav wrote:
> "Jacques A. Vidrine" writes:
> > On Fri, Feb 21, 2003 at 06:20:59AM -0700, M. Warner Losh wrote:
> > > One implication of this is that if you have a server running on a
> > > used-to-be privileged port and now run it on a no-privs port your
> > > machine has more potential for compromise. [...]
> > Yes, this is why this feature _must_ remain `off' by default.
>
> Did you guys even read the commit message? The default values cover
> the range of historically privileged ports. There is no feature that
> needs to be turned off. Unless the admin explicitly modifies one or
> both of the sysctl variables introduced by the commit, there is
> absolutely no change in behaviour.
>

Clear. I think what our SOs were trying to tell us is that it'd be
useful to include this caveat emptor thing into the manpage, so that
potential users are aware of possible consequences.

Cheers,
-- 
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age