From owner-freebsd-security Thu Jul 2 09:25:12 1998
Message-ID: <19980702182400.33083@deepo.prosa.dk>
Date: Thu, 2 Jul 1998 18:24:00 +0200
From: Philippe Regnauld
To: dg@root.com
Cc: security@FreeBSD.ORG
Subject: Re: bsd securelevel patch question
References: <199807021331.OAA00656@indigo.ie> <199807021410.HAA24585@implode.root.com>
In-Reply-To: <199807021410.HAA24585@implode.root.com>; from David Greenman on Thu, Jul 02, 1998 at 07:10:20AM -0700
X-Operating-System: FreeBSD 2.2.6-RELEASE i386
Organization: PROSA

David Greenman writes:
> >
> >What's wrong with a /dev/socket/tcp/XYZ acl type scheme? If the
> >process has permission to read /dev/socket/tcp/83 then they can
> >bind to port 83, you could make it a procfs type filesystem so all
>
> Well, one thing that is wrong with this is that it is slow. I sure wouldn't
> want my busy WWW server doing this for every connection that is made.

Wouldn't the parent apache (or other) bind to 80 and listen
there once and for all at startup time?

--
-[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-
«Pluto placed his bad dog at the entrance of Hades to keep the dead IN and
the living OUT! The archetypical corporate firewall?» - S. Kelly Bootle
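The question in the reply above, as an added example that is not part of the original message or of any FreeBSD patch: a user-space model in which the ACL lookup is made at bind() time, so a listener that binds once pays for it once however many connections it accepts. `AclListener`, the temporary directory standing in for `/dev/socket/tcp/`, and the loopback port are assumptions made for illustration.

```python
import os, socket, tempfile, threading

class AclListener:
    """Hypothetical model: read access to <acl_dir>/<port> is what permits bind()."""
    def __init__(self, acl_dir):
        self.acl_dir, self.acl_checks = acl_dir, 0

    def bind(self, port):
        self.acl_checks += 1  # the permission lookup happens here, at bind time
        if not os.access(os.path.join(self.acl_dir, str(port)), os.R_OK):
            raise PermissionError(f"no read access to ACL node for port {port}")
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("127.0.0.1", port))
        srv.listen(16)
        return srv

def free_port():
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))  # let the kernel pick an unused loopback port
        return s.getsockname()[1]

def demo(connections=5):
    with tempfile.TemporaryDirectory() as acl_dir:  # stands in for /dev/socket/tcp
        port = free_port()
        open(os.path.join(acl_dir, str(port)), "w").close()  # grant this one port
        listener = AclListener(acl_dir)
        srv = listener.bind(port)  # bind once, at startup
        srv.settimeout(5)
        def client():
            for _ in range(connections):
                with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
                    c.recv(2)
        t = threading.Thread(target=client)
        t.start()
        served = 0
        for _ in range(connections):
            conn, _ = srv.accept()  # accepting a connection makes no ACL lookup
            conn.sendall(b"ok")
            conn.close()
            served += 1
        t.join()
        srv.close()
        checks = listener.acl_checks
        try:
            listener.bind(1)  # no ACL node exists for port 1: refused before bind()
            denied = False
        except PermissionError:
            denied = True
        return checks, served, denied
```

`demo()` returns the number of ACL lookups made while serving, the number of connections served, and whether a bind without an ACL node was refused.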