From owner-freebsd-security Sat Oct 20 5:44: 2 2001 Delivered-To: freebsd-security@freebsd.org Received: from P7.mpionline.com (dsl-mw-209-115-240-i249-edm.nucleus.com [209.115.240.249]) by hub.freebsd.org (Postfix) with ESMTP id 623E137B403 for ; Sat, 20 Oct 2001 05:43:57 -0700 (PDT) Received: from P5 (P5.mpionline.com [209.115.240.246]) by P7.mpionline.com (8.11.3/8.11.3) with SMTP id f9KCjeH44654 for ; Sat, 20 Oct 2001 06:45:40 -0600 (MDT) (envelope-from tomek@mpionline.com) Message-ID: <0e3a01c15964$fd88fee0$f6f073d1@mpionline.com> From: "Tomek" To: Subject: Making almost everything non-root Date: Sat, 20 Oct 2001 06:44:42 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.3018.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello there, I am attempting to make everything I possibly can non-root. I have a few questions to that regard. 1. Is there a way to make ports <1024 accessable to non-root programs (preferably on a per-user basis)? Some programs are set to root JUST to access a port, which is a lame reason in my opinion to give such access. 2. I am planning on recompiling several "login" style programs to use limited user-ids instead of root, INCLUDING telnet, and just have a centralized tiny program "makemeroot" called sometime between obtaining login info and actually running shells. Is there a way to on-the-fly make a running PID a different user given the proper login information? NOTE: I do not understand why programs have not been designed this way. I know it may be a slight inconvenience for login programs, but until the user enters root login information, I do not see a strong argument for giving the program root privileges in the first place. Thank you, Tomek To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message