Date: Fri, 21 Feb 2003 17:16:30 +1100
From: Tim Robbins <tjr@FreeBSD.org>
To: Garance A Drosihn <drosih@rpi.edu>
Cc: "Crist J. Clark" <cjc@FreeBSD.org>, src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet in_pcb.c (priv ports)
Message-ID: <20030221171630.A34862@dilbert.robbins.dropbear.id.au>
In-Reply-To: <p05200f0dba7b6c5f4cb2@[128.113.24.47]>; from drosih@rpi.edu on Fri, Feb 21, 2003 at 12:54:04AM -0500
References: <200302210528.h1L5SS0H092948@repoman.freebsd.org> <p05200f0dba7b6c5f4cb2@[128.113.24.47]>

On Fri, Feb 21, 2003 at 12:54:04AM -0500, Garance A Drosihn wrote:
> At 9:28 PM -0800 2/20/03, Crist J. Clark wrote:
> >cjc 2003/02/20 21:28:28 PST
> >
> >  Modified files:
> >    sys/netinet in_pcb.c
> >  Log:
> >  The ancient and outdated concept of "privileged ports" in UNIX-type
> >  OSes has probably caused more problems than it ever solved. Allow the
> >  user to retire the old behavior by specifying their own privileged
> >  range with,
> >
> >    net.inet.ip.portrange.reservedhigh default = IPPORT_RESERVED - 1
> >    net.inet.ip.portrange.reservedlo default = 0
> >
> >  Now you can run that webserver without ever needing root at all. Or
> >  just imagine, an ftpd that can really drop privileges, rather than
> >  just set the euid, and still do PORT data transfers from 20/tcp.
>
> While this can be useful, it would be nice if there was also an
> exception-mechanism, instead of just a "lo" and "high" value.
> If I want to run a web server without needing root, then I'd like
> to allow port 80, and not an entire range of 0-80 or 80-1024.
>
> Would that be hard to implement? Maybe even tied to a userid?

I think ipfw could do what you want, including matching on userid.

Tim
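
An added example, not part of the original message or of the FreeBSD source: a small probe to run as an unprivileged user after changing the reserved range discussed in this thread, to confirm which ports that user can now bind. The names `probe_port` and `classify_errno` and the list of ports are assumptions made for illustration.

```c
/* Added example: report whether this process may bind selected TCP ports. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum bind_result { BIND_OK, BIND_PRIVILEGED, BIND_IN_USE, BIND_ERROR };

/* Map the errno left by bind(2) (0 on success) to a result. */
enum bind_result classify_errno(int err)
{
    switch (err) {
    case 0:          return BIND_OK;
    case EACCES:     return BIND_PRIVILEGED; /* port is reserved for this credential */
    case EADDRINUSE: return BIND_IN_USE;     /* another socket already holds it */
    default:         return BIND_ERROR;
    }
}

/* Try to bind 127.0.0.1:port over TCP; the socket is closed right away. */
enum bind_result probe_port(unsigned short port)
{
    struct sockaddr_in sin;
    int err = 0;
    int s = socket(AF_INET, SOCK_STREAM, 0);

    if (s < 0)
        return BIND_ERROR;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = htons(port);
    if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) < 0)
        err = errno;
    close(s);
    return classify_errno(err);
}

int main(void)
{
    static const char *names[] = { "ok", "denied (reserved)", "in use", "error" };
    /* Constructed sample: ports named in the thread plus the default range edge. */
    static const unsigned short ports[] = { 20, 80, 1023, 1024 };

    for (size_t i = 0; i < sizeof(ports) / sizeof(ports[0]); i++)
        printf("%5u/tcp: %s\n", ports[i], names[probe_port(ports[i])]);
    return 0;
}
```

Because the setting is a contiguous range rather than a per-port exception, every port that falls outside the reserved range reports "ok" for every local user, not only the one the change was meant for.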