From owner-freebsd-security Thu Jul 2 07:11:30 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA27600 for freebsd-security-outgoing; Thu, 2 Jul 1998 07:11:30 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from implode.root.com (implode.root.com [198.145.90.17]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA27562 for ; Thu, 2 Jul 1998 07:11:17 -0700 (PDT) (envelope-from root@implode.root.com) Received: from implode.root.com (localhost [127.0.0.1]) by implode.root.com (8.8.5/8.8.5) with ESMTP id HAA24585; Thu, 2 Jul 1998 07:10:20 -0700 (PDT) Message-Id: <199807021410.HAA24585@implode.root.com> To: rotel@indigo.ie cc: "Allen Smith" , security@FreeBSD.ORG, njs3@doc.ic.ac.uk, dima@best.net, abc@ralph.ml.org, tqbf@secnet.com Subject: Re: bsd securelevel patch question In-reply-to: Your message of "Thu, 02 Jul 1998 14:31:18 -0000." <199807021331.OAA00656@indigo.ie> From: David Greenman Reply-To: dg@root.com Date: Thu, 02 Jul 1998 07:10:20 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Eh? If ssh/smtp/inetd bind to the port you won't be able to, no >matter how often you try. And you won't be able to steal keys >by hijacking sshd. > >I still agree with you for other reasons though, if an attacker >creates a new service people might use it even though it isn't a >legitimate service setup my the sysadmin. > >Whats wrong with a /dev/socket/tcp/XYZ acl type scheme? If the >process has permission to read /dev/socket/tcp/83 then they can >bind to port 83, you could make it a procfs type filesystem so all >the ACL information was in memory for speed. Then you've got to >save/restore state though. Well, one thing that is wrong with this is that it is slow. I sure wouldn't want my busy WWW server doing this for every connection that is made. -DG David Greenman Co-founder/Principal Architect, The FreeBSD Project To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message