From owner-freebsd-security Sun Jun 20 19: 1:57 1999
Delivered-To: freebsd-security@freebsd.org
Received: from srh0710.urh.uiuc.edu (unknown [130.126.76.32]) by hub.freebsd.org (Postfix) with SMTP id 7D06B14E97 for ; Sun, 20 Jun 1999 19:01:53 -0700 (PDT) (envelope-from ftobin@bigfoot.com)
Received: (qmail 19641 invoked by uid 1000); 21 Jun 1999 02:01:52 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 21 Jun 1999 02:01:52 -0000
Date: Sun, 20 Jun 1999 21:01:52 -0500 (CDT)
From: Frank Tobin
X-Sender: ftobin@srh0710.urh.uiuc.edu
To: FreeBSD-security Mailing List
Subject: in_pcb (fwd)
Message-ID:
MIME-Version: 1.0
Content-Type: MULTIPART/Mixed; BOUNDARY=HlL+5n6rz5pIUxbD
Content-ID:
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info.

--HlL+5n6rz5pIUxbD
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-ID:

---------- Forwarded message ----------
Date: Sun, 20 Jun 1999 13:20:47 -0500
From: Kris Wehner
To: ftobin@uiuc.edu
Subject: in_pcb

hey here's the securelevel tcp diff moved down to the in_pcb code against -current. it works spiffy, and the ntohs() problem (duh!) has been fixed, so it works reliably for both udp + tcp. sorry about the goofs before.
k -- kristopher wehner Sit back and watch my divine spark flash -- Chris Robinson --HlL+5n6rz5pIUxbD Content-Type: TEXT/PLAIN; CHARSET=us-ascii Content-ID: Content-Description: Content-Disposition: ATTACHMENT; FILENAME="in_pcb.diff" *** in_pcb.c-orig Sun Jun 20 13:17:55 1999 --- in_pcb.c Sun Jun 20 13:19:16 1999 *************** *** 175,180 **** --- 175,186 ---- if (sin->sin_family != AF_INET) return (EAFNOSUPPORT); #endif + /* + * Disallow bind if we are in super secure mode and port < 1024 + */ + if (sin->sin_family == AF_INET && sin->sin_port < ntohs(1024) + && securelevel >= 4) + return EPERM; if (prison_ip(p, 0, &sin->sin_addr.s_addr)) return(EINVAL); lport = sin->sin_port; --HlL+5n6rz5pIUxbD-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
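
Review bot: The port test in the added condition, `sin->sin_port < ntohs(1024)`, compares a field held in network byte order against a byte-swapped constant, and numeric ordering does not survive a byte swap. On a little-endian machine ntohs(1024) evaluates to 4, so the check no longer means "port below 1024": port 80 is read as 0x5000 and passes, while 256, 512 and 768 are refused. Convert the field rather than the constant, `ntohs(sin->sin_port) < 1024` (or IPPORT_RESERVED in place of the literal). The condition also matches sin_port == 0, so a bind that leaves the port choice to the kernel gets EPERM at securelevel >= 4; if that is not intended, add a `sin->sin_port != 0` term. Style: `return EPERM;` should be `return (EPERM);` to match the neighbouring returns in this function.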