Message-ID: <44B25F0A.5040709@iang.org>
Date: Mon, 10 Jul 2006 16:07:06 +0200
From: Iang
Reply-To: iang@iang.org
To: Brian Candler
Cc: freebsd-security@freebsd.org, Mikhail Teterin, imp@freebsd.org, net@freebsd.org
Subject: Re: strange limitation on rcmd()
References: <200607072030.01999.mi+mx@aldan.algebra.com> <20060708213932.GA41178@uk.tiscali.com>
In-Reply-To: <20060708213932.GA41178@uk.tiscali.com>
List-Id: Networking and TCP/IP with FreeBSD

Brian Candler wrote:

> Note that only root can bind to reserved ports.
...
> This mechanism is only valid for trusted hosts, of course. If you allow a
> random person to put their own PC on the network, they can of course send
> packets from privileged ports (either by installing Unix with their own root
> password, or by installing DOS and sending packets which come from
> privileged ports)

I gather that it is now possible to disable the privileged ports thing on
FreeBSD at least. (Thank heavens, I say :)

iang
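
Added example, not part of the original message and not FreeBSD's own code: a sketch of the server-side source-port test the quoted text describes, combined with the trusted-host restriction it depends on. The function names, the 512..1023 range (modelled on the classic r-command servers) and the host list are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Port test in the style of the classic r-command servers: the source
 * port must lie in the upper half of the reserved range (512..1023). */
static int src_port_reserved(const struct sockaddr_in *peer)
{
    unsigned port = ntohs(peer->sin_port);
    return port >= IPPORT_RESERVED / 2 && port < IPPORT_RESERVED;
}

/* The port test means something only for hosts whose kernel and root
 * account are trusted, so the address is checked first. */
static int peer_trusted(const struct sockaddr_in *peer,
                        const char *const trusted[], size_t n)
{
    struct in_addr a;
    if (peer->sin_family != AF_INET)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (inet_pton(AF_INET, trusted[i], &a) == 1 &&
            a.s_addr == peer->sin_addr.s_addr)
            return src_port_reserved(peer);
    return 0; /* unknown host: a low source port proves nothing */
}

/* Constructed sample data: RFC 5737 documentation addresses. */
static const char *const TRUSTED_HOSTS[] = { "192.0.2.10", "192.0.2.11" };

static struct sockaddr_in make_peer(const char *ip, unsigned short port)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}

int main(void)
{
    struct sockaddr_in rogue = make_peer("198.51.100.7", 1022);
    printf("unknown host, port 1022: port test=%d trusted=%d\n",
           src_port_reserved(&rogue), peer_trusted(&rogue, TRUSTED_HOSTS, 2));
    return 0;
}
```

The peer from an unlisted address passes the port test on its own and is still rejected, which is the limitation the quoted text points out: the port number says nothing unless the sending host itself is trusted.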