From: Kövesdán Gábor
Date: Thu, 23 Jun 2005 01:18:32 +0200
To: Marco Molteni
Cc: freebsd-net@freebsd.org, xtremejames183@msn.com
Subject: Re: www user than root

>I think that the following sysctls do the trick
>
>molter@gattaccio[~]$ sysctl net|grep reserv
>net.inet.ip.portrange.reservedhigh: 1023
>net.inet.ip.portrange.reservedlow: 0
>
>marco

According to that, one could lower the reservedhigh value to 79, or increase the reservedlow to 81, but I don't think it would be secure enough.
The hack that Bruce mentioned would be secure, but not too impressive. I've seen the RBAC (Role-based access control) in Solaris 10 and it did it nicely. It would be nice to have such a feature in FreeBSD. Or even in TrustedBSD as an experimental project, and it might be merged later if it seems to be stable.

Cheers,

Gábor Kövesdán
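
An added example, not part of the original message: a small POSIX sh check of what the two sysctl changes discussed above would expose, using the rule that binding a port in the inclusive range reservedlow..reservedhigh requires root. The function names and the list of service ports are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: which low ports stop requiring root under a given
# net.inet.ip.portrange.reservedlow/reservedhigh setting.

# Constructed sample: the sysctl output as quoted in the thread.
SAMPLE_SYSCTL='net.inet.ip.portrange.reservedhigh: 1023
net.inet.ip.portrange.reservedlow: 0'

# Constructed list of commonly used service ports below 1024 (illustrative).
SERVICE_PORTS='21 22 23 25 53 80 110 143 443 993'

# parse_range (hypothetical helper): read sysctl output on stdin, print "LOW HIGH".
parse_range() {
    awk -F': *' '
        $1 == "net.inet.ip.portrange.reservedlow"  { low = $2 }
        $1 == "net.inet.ip.portrange.reservedhigh" { high = $2 }
        END { print low, high }'
}

# is_reserved PORT LOW HIGH: true when binding PORT needs root,
# i.e. LOW <= PORT <= HIGH (both bounds inclusive).
is_reserved() {
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# unreserved_services LOW HIGH: print the sample service ports that any
# local user could bind under this setting.
unreserved_services() {
    out=''
    for p in $SERVICE_PORTS; do
        is_reserved "$p" "$1" "$2" || out="${out:+$out }$p"
    done
    printf '%s\n' "$out"
}

report() {
    printf 'reservedlow=%s reservedhigh=%s -> unprivileged: %s\n' \
        "$1" "$2" "$(unreserved_services "$1" "$2")"
}

set -- $(printf '%s\n' "$SAMPLE_SYSCTL" | parse_range)
report "$1" "$2"     # defaults quoted in the thread
report 0 79          # reservedhigh lowered to 79
report 81 1023       # reservedlow raised to 81
```

Either change frees port 80 for the www user, but it also frees every other port on that side of 80 for all local users.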