Date: Tue, 17 Nov 1998 11:26:40 -0500
From: Brian Reichert <reichert@numachi.com>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Would this make FreeBSD more secure? & sendmail changes in OpenBSD 2.4
Message-ID: <19981117112640.A9299@numachi.com>
In-Reply-To: <Pine.BSF.4.05.9811162354100.26690-100000@lazlo.steam.com>; from Cliff Skolnick on Tue, Nov 17, 1998 at 12:19:36AM -0800
References: <Pine.BSF.4.01.9811171958170.8181-100000@aniwa.sky> <Pine.BSF.4.05.9811162354100.26690-100000@lazlo.steam.com>

On Tue, Nov 17, 1998 at 12:19:36AM -0800, Cliff Skolnick wrote:
> The program would be setuid root, open a port (restricted by some access
> file like the suggested /etc/bindports), and exec the daemon. Of course
> there would be some interface dealing with what file descriptors contained
> the socket, perhaps passed as a parameter.

I've been making heavy use of DJB's ucspi-tcp wrapper. It's discussed at

  ftp://koobera.math.uic.edu/www/ucspi-tcp.html

and makes his home-spun interface for CLIs to work off of the net:

  ftp://koobera.math.uic.edu/www/proto/ucspi.txt

It handles a lot of what I'm concerned about, and makes for an easy place
to put a 'limits' wrapper in...

One thing it doesn't seem to do is allow you to have N pre-forked images,
and broker conversations with them...

-- 
Brian 'you Bastard' Reichert    reichert@numachi.com
37 Crystal Ave. #303            Current daytime number: (603)-434-6842
Derry NH 03038-1713 USA         Intel architecture: the left-hand path
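
Added example, not part of the original message and not ucspi-tcp code: a sketch of the setuid-root wrapper described in the quoted text, which checks an allow list, binds the port, drops root permanently and only then execs the daemon. Assumptions: the "uid port" rule format, the constructed rule string standing in for /etc/bindports, and handing the listening socket to the daemon on file descriptor 0 are all hypothetical choices made here.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed rule format (the page defines none): "uid port" per line, '#' = comment. */
int port_allowed(const char *rules, uid_t uid, int port) {
    if (port < 1 || port > 65535) return 0;
    for (const char *p = rules; *p; ) {
        size_t len = strcspn(p, "\n");
        char line[64], extra;
        long u, q;
        if (len < sizeof line) {
            memcpy(line, p, len); line[len] = '\0';
            if (sscanf(line, "%ld %ld %c", &u, &q, &extra) == 2 &&
                u >= 0 && (uid_t)u == uid && q == port)
                return 1;              /* exactly two fields, both matching */
        }
        p += len + (p[len] == '\n');   /* step to the next line */
    }
    return 0;
}

static int listen_on(int port) {
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    memset(&sa, 0, sizeof sa);         /* sin_addr 0 = INADDR_ANY */
    sa.sin_family = AF_INET;
    sa.sin_port = htons((unsigned short)port);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0)
        return -1;                     /* caller exits immediately on failure */
    return fd;
}

int main(int argc, char **argv) {
    static const char rules[] = "# constructed sample\n1001 80\n1002 25\n";
    int fd, port = argc >= 3 ? atoi(argv[1]) : 0;
    if (!port_allowed(rules, getuid(), port)) return 1;
    if ((fd = listen_on(port)) < 0) return 1;
    /* Drop root for good (group first), and confirm it cannot be regained. */
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) return 1;
    if (getuid() != 0 && setuid(0) == 0) return 1;
    if (dup2(fd, 0) < 0) return 1;
    if (fd != 0) close(fd);
    execv(argv[2], argv + 2);          /* explicit path, no PATH search */
    return 111;
}
```

The daemon never runs with root privileges; it only inherits an already-bound socket, so a flaw in the daemon does not hand over the ability to bind other low ports.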
