Date: Sat, 27 May 2006 10:24:31 -0500
From: "Z.C.B." <vvelox@vvelox.net>
To: Ian G <iang@iang.org>
Cc: FreeBSD Security List <freebsd-security@freebsd.org>
Subject: Re: On what versions of FreeBSD can we unreserve ports?
Message-ID: <20060527102431.0a5d4323@vixen42.vulpes>
In-Reply-To: <4478594C.6080309@iang.org>
References: <4478594C.6080309@iang.org>
On Sat, 27 May 2006 15:51:08 +0200
Ian G <iang@iang.org> wrote:

> On which versions of FreeBSD is it now possible to
> un-reserve ports?
>
> ( I've been waiting for this since forever ... have
> spent countless days - $$$ - trying to install
> workarounds, only to junk them later. I've even
> been paid a consulting gig to develop this, and
> declined to deploy it on my own servers :-/ )
>
> iang
>
>
>
> http://askslim.blogspot.com/2006/05/freebsd-61-disabling-reserverd-ports.html
>
> Friday, May 26, 2006
> FreeBSD 6.1: Disabling Reserverd Ports
>
> A common misfeature found on UN*X operating systems is the
> restriction that only root can bind to ports < 1024. Many a
> dollar has been wasted on workarounds and -often- the
> resulting security holes.
>
> Fortunately on FreeBSD 6.1 (and probably older versions as
> well) you can disable this remnant of trust-by-convention.
>
>
> host$ sysctl net.inet.ip.portrange.reservedhigh=0
>
> That simple. Add it to your /etc/sysctl.conf today!
>
> posted by Slim @ 4:18 PM

That works on releng_5 as well.

Since when is this common for just Unix? I would have to double check, but I am certain Windows and nearly everything else does this as well. Just on Windows users run with what would normally be root privileges.

It does serve a useful purpose. It prevents any user from running services on them.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060527102431.0a5d4323>
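An added example, not part of the original message or of FreeBSD itself: a small audit of a sysctl.conf file for the setting discussed in this thread, reporting whether ports below 1024 still require root to bind. It assumes the FreeBSD defaults `net.inet.ip.portrange.reservedlow=0` and `net.inet.ip.portrange.reservedhigh=1023`; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sysctl.conf for changes to the reserved port range.
# Assumed defaults: reservedlow=0, reservedhigh=1023 (root-only bind range).

# Print "low high" as the file would set them; the last assignment wins.
reserved_range() {
    awk -F= '
        BEGIN { low = 0; high = 1023 }
        { sub(/#.*/, ""); gsub(/[ \t"]/, "") }   # drop comments, blanks, quotes
        $1 == "net.inet.ip.portrange.reservedlow"  { low = $2 + 0 }
        $1 == "net.inet.ip.portrange.reservedhigh" { high = $2 + 0 }
        END { print low, high }
    ' "$1"
}

# Exit 0 if binding port $2 would still require root under config file $1.
port_needs_root() {
    range=$(reserved_range "$1")
    low=${range% *}
    high=${range#* }
    [ "$2" -ge "$low" ] && [ "$2" -le "$high" ]
}

# One-line finding suitable for a host hardening report.
audit_reserved_ports() {
    range=$(reserved_range "$1")
    if [ "$range" = "0 1023" ]; then
        echo "OK: ports 0-1023 require root to bind"
    else
        echo "FINDING: root-only range is ${range% *}-${range#* };" \
             "any local user may bind ports outside it"
    fi
}

# Constructed sample input: the setting from the quoted blog post.
sample=$(mktemp)
printf '%s\n' '# constructed sample sysctl.conf' \
    'net.inet.ip.portrange.reservedhigh=0' > "$sample"
audit_reserved_ports "$sample"
```

On a live host, point `audit_reserved_ports` at `/etc/sysctl.conf`; the file only shows what is applied at boot, so the running values should be read with `sysctl` as well.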