Date: Sun, 5 Jul 1998 22:03:05 +0000 From: Niall Smart <rotel@indigo.ie> To: dg@root.com, rotel@indigo.ie Cc: "Allen Smith" <easmith@beatrice.rutgers.edu>, security@FreeBSD.ORG, njs3@doc.ic.ac.uk, dima@best.net, abc@ralph.ml.org, tqbf@secnet.com Subject: Re: bsd securelevel patch question Message-ID: <199807052103.WAA04673@indigo.ie> In-Reply-To: David Greenman <dg@root.com> "Re: bsd securelevel patch question" (Jul 2, 9:00am)
next in thread | previous in thread | raw e-mail | index | archive | help
On Jul 2, 9:00am, David Greenman wrote: } Subject: Re: bsd securelevel patch question > >On Jul 2, 7:10am, David Greenman wrote: > >> > >> Well, one thing that is wrong with this is that it is slow. I sure wouldn't > >> want my busy WWW server doing this for every connection that is made. > > > >It would only be necessary to do this for binds to ports < 1024. So it > >would just be checked every time a daemon started. > > Um, well, let's talk about FTP servers, then, since those do a privileged > bind() for every data connection that is estabilished (one per file transfer). This can be solved by using passive mode on the FTP server side, which is a good idea for security conscious sites anyhow. Niall -- Niall Smart. PGP: finger njs3@motmot.doc.ic.ac.uk FreeBSD: Turning PC's into Workstations: www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807052103.WAA04673>