From owner-freebsd-security Tue Nov 19 18:14:48 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id SAA24551 for security-outgoing; Tue, 19 Nov 1996 18:14:48 -0800 (PST)
Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id SAA24536 for ; Tue, 19 Nov 1996 18:14:39 -0800 (PST)
Received: from znep.com (uucp@localhost) by scanner.worldgate.com (8.7.5/8.7.3) with UUCP id TAA04491; Tue, 19 Nov 1996 19:14:24 -0700 (MST)
Received: from localhost (marcs@localhost) by alive.ampr.ab.ca (8.7.5/8.7.3) with SMTP id TAA07199; Tue, 19 Nov 1996 19:11:50 -0700 (MST)
Date: Tue, 19 Nov 1996 19:11:50 -0700 (MST)
From: Marc Slemko
X-Sender: marcs@alive.ampr.ab.ca
To: Mikael Karpberg
cc: phk@critter.tfs.com, freebsd-security@FreeBSD.ORG
Subject: binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).)
In-Reply-To: <199611200138.CAA23822@ocean.campus.luth.se>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 20 Nov 1996, Mikael Karpberg wrote:

> According to Marc Slemko:
>
> > The biggest problem I see to implementing such a thing is that I can't see
> > a pretty way to make it fit into the sysctl mold without having 1024
> > lines, one for each port < 1024. Anyone have any ideas on how to do that
> > nicely or if 1024 lines is ok?
>
> I think it's acceptable with 1024 lines. Really... If all ports default
> to root only, how many lines would you have? Do you use all ports < 1024?
> And many of those things run under inetd, which has to run as root
> anyway. You will probably never use more than a few lines.

The problem is that the output of a sysctl -a will be very bloated. If you
could make the variable only appear when changed from the default it would
be a different matter, but I don't think that is practical.

The way current sysctl variables are done, it also means several thousand
more lines of source, since each option needs a separate define, etc. It
would also add somewhere between 2k and 40k to the compiled kernel if
implemented the dumb way; I think that is a significant amount for
something with such limited use. It could easily be hidden behind an
ifdef I guess.

Oh, and one other thing I missed is that it should be under net.inet.ip
(perhaps; it doesn't quite fit in at that level though) and not tcp,
because it applies to both tcp and udp.

> > > On Mon, 18 Nov 1996, Poul-Henning Kamp wrote:
> [...]
> > >   sysctl -w net.inet.tcp.uidforport.25=`id -ur smtp`
> > >   sysctl -w net.inet.tcp.uidforport.20=`id -ur ftp`
> > >   sysctl -w net.inet.tcp.uidforport.21=`id -ur ftp`
> > >   sysctl -w net.inet.tcp.uidforport.119=`id -ur nntp`
> [...]
>
> Just my $0.02
> /Mikael
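The following is an added example, not code from this thread or from FreeBSD. It shows, from userland, the reserved-port check the thread is arguing about (bind() to a port below 1024 is refused with EACCES unless the effective uid is 0) and the conventional workaround that a per-port uid sysctl like the one Poul-Henning sketched would make unnecessary for daemons such as sendmail: bind while still root, then drop privileges before touching any peer data. The loopback address, port 25, and the UNPRIV_UID/UNPRIV_GID values are assumptions chosen for illustration; the proposed net.inet.tcp.uidforport knobs are not used here.

```c
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed unprivileged identity for the daemon (the "smtp" user in the
 * thread); 65534 is "nobody" on many systems and is only illustrative. */
#define UNPRIV_UID 65534
#define UNPRIV_GID 65534

/* Bind a TCP socket to 127.0.0.1:port.  Returns 0 on success (and hands
 * the descriptor back through fd_out when non-NULL), otherwise the errno
 * from socket()/bind() with no descriptor left open.  For port < 1024
 * and euid != 0 the expected result is EACCES: this is the reserved-port
 * check the thread wants to relax per port. */
int bind_port(int port, int *fd_out)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    int one = 1;
    (void)setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);

    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = htons((unsigned short)port);

    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) {
        int err = errno;
        close(fd);
        return err;
    }
    if (fd_out)
        *fd_out = fd;
    else
        close(fd);
    return 0;
}

/* Drop root after the privileged bind.  Supplementary groups and gid go
 * first, uid last, since once euid is unprivileged setgid() is refused.
 * Returns 0 on success (or when there is nothing to drop), else errno;
 * EPERM is returned if root could be regained, i.e. the drop did not take. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return 0;
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return errno;
    if (setuid(0) == 0)
        return EPERM;
    return 0;
}

int main(void)
{
    int fd, err;

    err = bind_port(25, &fd);
    if (err != 0) {
        fprintf(stderr, "bind 127.0.0.1:25 as uid %u: %s\n",
                (unsigned)geteuid(), strerror(err));
        return 1;
    }
    /* The port is held; give up root before handling any peer data. */
    err = drop_privileges(UNPRIV_UID, UNPRIV_GID);
    if (err != 0) {
        fprintf(stderr, "drop_privileges: %s\n", strerror(err));
        return 1;
    }
    if (listen(fd, 5) < 0) {
        perror("listen");
        return 1;
    }
    printf("listening on 127.0.0.1:25 as uid %u\n", (unsigned)geteuid());
    close(fd);
    return 0;
}
```

Run as an ordinary user the program fails at bind_port(25) with EACCES, which is the kernel check under discussion; run as root it binds, drops to the assumed uid/gid, and listens as the unprivileged identity. The setuid(0) probe at the end of drop_privileges is there because a daemon that can silently regain root has gained nothing from the drop.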