From owner-freebsd-security Fri Mar 28 13:19:57 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA04329 for security-outgoing; Fri, 28 Mar 1997 13:19:57 -0800 (PST)
Received: from smtp.enteract.com (qmailr@char-star.rdist.org [206.54.252.22]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id NAA04312 for ; Fri, 28 Mar 1997 13:19:46 -0800 (PST)
Received: (qmail 22481 invoked by uid 1001); 28 Mar 1997 21:19:36 -0000
Message-ID: <19970328211936.22480.qmail@smtp.enteract.com>
From: tqbf@char-star.rdist.org
Subject: Re: More on reserved ports...
To: freebsd-security@freebsd.org
Date: Fri, 28 Mar 1997 15:19:36 -0600 (CST)
Reply-To: tqbf@enteract.com
X-Mailer: ELM [version 2.4ME+ PL31 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Fri, 28 Mar 1997 08:35:19 -0700 (MST) brandon@cold.org:

>in inetd.conf, but why do it there? I would suggest doing it to another
>file, such as /etc/services, or something similar, and just having it be a
>generic port configuration file overall. This file would define who can

How do you propose to implement this in the kernel? Remember, you can't
enforce this using userland processes. Would you add some kind of data
structure in the kernel to track all these ports, and system calls to add
and remove ports from consideration, and a check against it in in_pcb.c?

It seems like things are getting a bit complex now.

--
----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
exit(main(kfp->kargc, argv, environ));
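The three pieces the reply asks about (a table tracking ports, calls to add and remove entries, and a check on the bind path), as an added userland model in C that is not part of the original message and not FreeBSD code. The names `port_acl_add`, `port_acl_remove` and `port_bind_allowed`, the one-owner-per-port policy, and the fallback to the traditional root-only rule below 1024 are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <errno.h>

#define RESERVED_MAX 1024   /* ports below this are root-only by tradition */

/* Hypothetical kernel-side table: for each reserved port, at most one
 * non-root uid that may bind it. Static storage starts out empty. */
static uint32_t port_owner[RESERVED_MAX];
static uint8_t  has_owner[RESERVED_MAX];

/* Stand-in for the "add port" system call. Only root may edit the table;
 * otherwise any user could hand a reserved port to themselves. */
int port_acl_add(uint32_t caller_uid, uint16_t port, uint32_t owner_uid) {
    if (caller_uid != 0) return EPERM;
    if (port == 0 || port >= RESERVED_MAX) return EINVAL;
    port_owner[port] = owner_uid;
    has_owner[port] = 1;
    return 0;
}

/* Stand-in for the "remove port" system call. */
int port_acl_remove(uint32_t caller_uid, uint16_t port) {
    if (caller_uid != 0) return EPERM;
    if (port == 0 || port >= RESERVED_MAX) return EINVAL;
    has_owner[port] = 0;
    return 0;
}

/* The check a bind path would make (assumed policy): returns 0 to allow,
 * EACCES to refuse. Port 0 means "pick an ephemeral port" and is not
 * subject to the reserved-port rule. */
int port_bind_allowed(uint32_t uid, uint16_t port) {
    if (port == 0 || port >= RESERVED_MAX) return 0;  /* not reserved */
    if (uid == 0) return 0;                           /* root keeps old rule */
    if (has_owner[port] && port_owner[port] == uid) return 0;
    return EACCES;                                    /* default deny */
}

int main(void) {
    /* Constructed sample: root delegates port 80 to uid 1001. */
    port_acl_add(0, 80, 1001);
    printf("uid 1001 bind 80: %d\n", port_bind_allowed(1001, 80));
    printf("uid 1002 bind 80: %d\n", port_bind_allowed(1002, 80));
    port_acl_remove(0, 80);
    printf("uid 1001 bind 80 after remove: %d\n", port_bind_allowed(1001, 80));
    return 0;
}
```

Even this reduced model needs a privilege check on the table itself and a default-deny path, which is the added complexity the reply points at.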