Message-Id: <199807020855.BAA23399@implode.root.com>
To: "Allen Smith"
cc: security@FreeBSD.ORG, njs3@doc.ic.ac.uk, dima@best.net, abc@ralph.ml.org, tqbf@secnet.com
Subject: Re: bsd securelevel patch question
In-reply-to: Your message of "Thu, 02 Jul 1998 03:06:49 EDT." <9807020306.ZM22221@beatrice.rutgers.edu>
From: David Greenman
Reply-To: dg@root.com
Date: Thu, 02 Jul 1998 01:55:23 -0700

>On Jul 1, 12:44am, David Greenman (possibly) wrote:
>
>> I'll resist any scheme that ties specific privileges to specific gids. To
>> me it seems too kludgy and I also suspect that most FreeBSD admins will be
>> quite unhappy about us hijacking a large block of gids for our special
>> purposes.
>
>Umm... OK, you're the boss. The block of gids I'd had in mind was
>above 65535, so I have my doubts how many people would be using
>those. Any ideas on alternate routes for port permission broadening? I
>haven't been able to look at Darren's version so far.

Well, someone will have to convince me that delegating access on a port by
port basis is necessary in the first place. I'd personally be happy with a
simple privilege that allows binding to ports <1024.

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project