Date:      Sat, 27 May 2006 10:24:31 -0500
From:      "Z.C.B." <vvelox@vvelox.net>
To:        Ian G <iang@iang.org>
Cc:        FreeBSD Security List <freebsd-security@freebsd.org>
Subject:   Re: On what versions of FreeBSD can we unreserve ports?
Message-ID:  <20060527102431.0a5d4323@vixen42.vulpes>
In-Reply-To: <4478594C.6080309@iang.org>
References:  <4478594C.6080309@iang.org>

On Sat, 27 May 2006 15:51:08 +0200
Ian G <iang@iang.org> wrote:

> On which versions of FreeBSD is it now possible to
> un-reserve ports?
> 
> ( I've been waiting for this since forever ... have
> spent countless days - $$$ - trying to install
> workarounds, only to junk them later.  I've even
> been paid a consulting gig to develop this, and
> declined to deploy it on my own servers :-/ )
> 
> iang
> 
> 
> 
> http://askslim.blogspot.com/2006/05/freebsd-61-disabling-reserverd-ports.html
> 
> Friday, May 26, 2006
> FreeBSD 6.1: Disabling Reserverd Ports
> 
> A common misfeature found on UN*X operating systems is the
> restriction that only root can bind to ports < 1024. Many a
> dollar has been wasted on workarounds and -often- the
> resulting security holes.
> 
> Fortunately on FreeBSD 6.1 (and probably older versions as
> well) you can disable this remnant of trust-by-convention.
> 
> 
> host$ sysctl net.inet.ip.portrange.reservedhigh=0
> 
> That simple. Add it to your /etc/sysctl.conf today!
> 
> posted by Slim @ 4:18 PM


That works on releng_5 as well. 

Since when is this common for just unix? I would have to double
check, but I am certain windows and nearly everything else does this
as well. Just on windows users run with what would normally be root
privileges.

It does serve a useful purpose. It prevents any user from running
services on them.
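
A defender-side check for the setting discussed in this thread, as an added example that is not part of the original e-mail or the quoted blog post: it parses a sysctl.conf-style file and reports whether ports below 1024 are still root-only. The function names and sample files are constructed for illustration, and the defaults (reservedlow=0, reservedhigh=1023) are assumed to be the stock FreeBSD values.

```shell
#!/bin/sh
# Added example: audit a FreeBSD sysctl.conf for changes to the reserved port range.
# Assumption: stock defaults are reservedlow=0 and reservedhigh=1023.

# Print "low high" as configured by the file; the last assignment wins.
reserved_range() {
    awk -F= '
        BEGIN { low = 0; high = 1023 }
        {
            sub(/#.*/, "")        # drop comments
            gsub(/[ \t]/, "")     # drop whitespace around name and value
        }
        $1 == "net.inet.ip.portrange.reservedlow"  && $2 ~ /^[0-9]+$/ { low = $2 + 0 }
        $1 == "net.inet.ip.portrange.reservedhigh" && $2 ~ /^[0-9]+$/ { high = $2 + 0 }
        END { print low, high }
    ' "$1"
}

# Return 0 when ports 1-1023 are still root-only, 1 when the file opens any of them.
audit_reserved() {
    set -- $(reserved_range "$1")
    if [ "$1" -le 1 ] && [ "$2" -ge 1023 ]; then
        echo "OK: ports $1-$2 require root"
        return 0
    fi
    echo "FINDING: reserved range is $1-$2; other ports below 1024 can be bound by any user"
    return 1
}

# Constructed sample files (not taken from any real host).
tmp=$(mktemp -d)
printf '%s\n' '# constructed sample: stock settings' \
    'kern.ipc.somaxconn=1024' > "$tmp/stock.conf"
printf '%s\n' '# constructed sample: the setting from the quoted post' \
    'net.inet.ip.portrange.reservedhigh=0   # unreserve' > "$tmp/opened.conf"

audit_reserved "$tmp/stock.conf"
audit_reserved "$tmp/opened.conf" || true
```

On a running FreeBSD host, `sysctl -n net.inet.ip.portrange.reservedhigh` shows the value currently in effect, which can differ from the file if it was changed after boot.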