From owner-freebsd-security Mon Oct 16 19:34:19 2000 Delivered-To: freebsd-security@freebsd.org Received: from dt051n37.san.rr.com (dt051n37.san.rr.com [204.210.32.55]) by hub.freebsd.org (Postfix) with ESMTP id EEFBD37B4F9 for ; Mon, 16 Oct 2000 19:34:14 -0700 (PDT) Received: from slave (Studded@slave [10.0.0.1]) by dt051n37.san.rr.com (8.9.3/8.9.3) with ESMTP id TAA10022; Mon, 16 Oct 2000 19:34:09 -0700 (PDT) (envelope-from DougB@gorean.org) Date: Mon, 16 Oct 2000 19:34:08 -0700 (PDT) From: Doug Barton X-Sender: doug@dt051n37.san.rr.com To: Guolin Cheng Cc: Matt Heckaman , freebsd-security@freebsd.org Subject: Re: Reserved ports too limited for amd (automount) on FreeBSD 4.1 In-Reply-To: <20001017012808.5214.qmail@web106.yahoomail.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 16 Oct 2000, Guolin Cheng wrote: > Matt Heckaman, > > Thanks. > > I changed using sysctl command after FreeBSD 4.1 reboot, the problem is: even > the parameter is changed ( sysctl -w net.inet.ip.portrange.lowfirst=2023 ), the > amd still using ports <1024, since the reserved ports already was in use from > 1023! and now they will be used one by one sequentially!!! :(( Your problem is that by definition the secure port range ends at 1023. You _may_ be able to get what you want by changing IPPORT_RESERVED in /usr/src/sys/netinet/in.h and rebuilding your world and kernel, but it'd be a hack of potentially dangerous proportions. Doug -- "The dead cannot be seduced." - Kai, "Lexx" Do YOU Yahoo!? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message