Date: Sun, 20 Jun 1999 21:01:52 -0500 (CDT)
From: Frank Tobin <ftobin@bigfoot.com>
To: FreeBSD-security Mailing List <freebsd-security@freebsd.org>
Subject: in_pcb (fwd)
Message-ID: <Pine.BSF.4.10.9906202101260.19623-200000@srh0710.urh.uiuc.edu>
[-- Attachment #1 --] ---------- Forwarded message ---------- Date: Sun, 20 Jun 1999 13:20:47 -0500 From: Kris Wehner <wehner@cs.uiuc.edu> To: ftobin@uiuc.edu Subject: in_pcb hey here's the securelevel tcp diff moved down to the in_pcb code against -current. it works spiffy, and the ntohs() problem (duh!) has been fixed, so it works reliably for both udp + tcp. sorry about the goofs before. k -- kristopher wehner <wehner@cs.uiuc.edu> Sit back and watch my divine spark flash -- Chris Robinson [-- Attachment #2 --] *** in_pcb.c-orig Sun Jun 20 13:17:55 1999 --- in_pcb.c Sun Jun 20 13:19:16 1999 *************** *** 175,180 **** --- 175,186 ---- if (sin->sin_family != AF_INET) return (EAFNOSUPPORT); #endif + /* + * Disallow bind if we are in super secure mode and port < 1024 + */ + if (sin->sin_family == AF_INET && sin->sin_port < ntohs(1024) + && securelevel >= 4) + return EPERM; if (prison_ip(p, 0, &sin->sin_addr.s_addr)) return(EINVAL); lport = sin->sin_port;
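Review bot: In the added check, `sin->sin_port < ntohs(1024)` compares a port that is stored in network byte order against a byte-swapped constant, so it is only a true "port < 1024" test on big-endian hosts. On a little-endian host ntohs(1024) evaluates to 4, so port 80 (stored as 0x5000) is allowed through while port 256 (stored as 0x0001) is refused. Convert the port rather than the constant: `ntohs(sin->sin_port) < IPPORT_RESERVED`. Note also that sin_port == 0, the request for an ephemeral port, satisfies the comparison as written and would get EPERM at securelevel >= 4; exclude it explicitly if that is not intended. The comment should say what securelevel 4 is meant to guarantee rather than "super secure mode", and `return EPERM;` should follow the surrounding `return (EAFNOSUPPORT);` style.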
