From owner-freebsd-security Wed Mar 26 07:59:04 1997
Date: Wed, 26 Mar 1997 08:58:09 -0700 (MST)
From: Marc Slemko
To: Adrian Chadd
cc: freebsd-security@freebsd.org
Subject: Re: Privileged ports...

On Wed, 26 Mar 1997, Adrian Chadd wrote:

> How about assigning each port number a userid which can bind with the
> port alongside root?
>
> Should be easy enough to implement, and powerful enough to not need suid
> root binaries to bind to priv'ed ports.

It is trivial to implement and, even given various workarounds, would be
handy, but it needs some framework to slip nicely into. sysctl isn't
really suited to it because it would need 1k entries, which would make a
sysctl -a very long.

I use this on some boxes to allow things (e.g. mail servers) to bind to
their port (e.g. 25) without needing root, but I only implement it
hard-coded for the ports I need it for.
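The check being discussed, as an added example that is not code from this thread or from the FreeBSD kernel: a userland C model of the "one extra uid per privileged port" rule. The classic BSD rule is root only below port 1024; the model keeps that and adds a small hard-coded owner table, in the spirit of what Marc describes, instead of a 1024-entry sysctl. The port-to-uid assignments (25 to uid 8, 53 to uid 53) are assumed for illustration and do not come from the message.

```c
/*
 * Added example, not FreeBSD kernel code: a userland model of a
 * per-port owner check for privileged ports. The uids and port
 * assignments in port_owners[] are assumptions for illustration.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Ports below this are privileged, as in BSD (IPPORT_RESERVED). */
#define PRIV_PORT_LIMIT 1024u

/* Sparse, hard-coded table: only the ports that need a non-root owner. */
struct port_owner {
    uint16_t port;
    uid_t    uid;
};

static const struct port_owner port_owners[] = {
    { 25, 8  },   /* smtp   -> assumed "mail" uid  */
    { 53, 53 },   /* domain -> assumed "bind" uid  */
};

#define N_PORT_OWNERS (sizeof(port_owners) / sizeof(port_owners[0]))

/*
 * Returns true if `uid` may bind(2) to `port`.
 *  - unprivileged ports (>= 1024): anyone
 *  - privileged ports: root, or the single uid registered for that port
 * A uid registered for port 25 gains nothing on port 53, so the table
 * grants a narrower capability than setuid-root or a blanket "bind any
 * privileged port" flag would.
 */
bool priv_port_bind_allowed(uint16_t port, uid_t uid)
{
    if (port >= PRIV_PORT_LIMIT)
        return true;            /* not privileged: no check at all */
    if (uid == 0)
        return true;            /* root keeps the traditional right */
    for (size_t i = 0; i < N_PORT_OWNERS; i++) {
        if (port_owners[i].port == port && port_owners[i].uid == uid)
            return true;        /* explicitly delegated owner */
    }
    return false;               /* privileged port, no delegation */
}

/* Stand-alone demonstration over a few constructed (port, uid) pairs. */
int main(void)
{
    struct { uint16_t port; uid_t uid; } cases[] = {
        { 25, 8 }, { 25, 1000 }, { 25, 0 }, { 53, 8 }, { 53, 53 }, { 8080, 1000 },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        printf("port %5u uid %5u -> %s\n", cases[i].port, (unsigned)cases[i].uid,
               priv_port_bind_allowed(cases[i].port, cases[i].uid) ? "allow" : "deny");
    }
    return 0;
}
```

The check is deliberately per (port, uid) pair rather than per uid: the point of the proposal is that a mail server's uid can bind 25 and nothing else, which is the least-privilege gain over a setuid-root binary. A dense `uid_t owner[1024]` array would give the same answer in O(1) but is exactly the 1k-entry table the message says fits sysctl poorly.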