Date: Wed, 12 Mar 1997 20:16:25 +0100 (MET) From: Guido van Rooij <guido@gvr.win.tue.nl> To: wollman@lcs.mit.edu (Garrett Wollman) Cc: freebsd-security@freebsd.org, core@freebsd.org Subject: Re: NFS security issue... Message-ID: <199703121916.UAA23339@gvr.win.tue.nl> In-Reply-To: <9703121532.AA18955@halloran-eldar.lcs.mit.edu> from Garrett Wollman at "Mar 12, 97 10:32:48 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Garrett Wollman wrote: > <<On Wed, 12 Mar 1997 10:25:11 -0500, I wrote: > > > Except, of course, that it doesn't belong under net, it belongs under > > [v]fs.nfs. At this point, you may want to fix P-HK's breakage of > > sysctl variables for LKM filesystems. > > One thing I forgot to mention... > > I am right now contemplating changing the socket interface to pass > user credentials down to pru_bind(). This could be used, for example, > to provide a more sophisticated access-control model for local port > numbers (like blocking user attempts to bind to port 2049). Hopefully > we can get rid of SS_PRIV completely... > the local hackery is just an example. The same check for reserved ports also holds for non-local nfs requests. -Guido
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199703121916.UAA23339>