From owner-cvs-all Fri Feb 21 6:10: 3 2003
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5315A37B401; Fri, 21 Feb 2003 06:10:01 -0800 (PST)
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F11643F85; Fri, 21 Feb 2003 06:10:00 -0800 (PST) (envelope-from des@ofug.org)
Received: by flood.ping.uio.no (Postfix, from userid 2602) id 3BE5A536E; Fri, 21 Feb 2003 15:09:58 +0100 (CET)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated.
To: "Jacques A. Vidrine"
Cc: "M. Warner Losh" , ru@FreeBSD.org, cjc@FreeBSD.org, src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet in_pcb.c
From: Dag-Erling Smorgrav
Date: Fri, 21 Feb 2003 15:09:57 +0100
In-Reply-To: <20030221135056.GA32007@madman.celabo.org> ("Jacques A. Vidrine"'s message of "Fri, 21 Feb 2003 07:50:56 -0600")
Message-ID:
User-Agent: Gnus/5.090014 (Oort Gnus v0.14) Emacs/21.2 (i386--freebsd)
References: <200302210528.h1L5SS0H092948@repoman.freebsd.org> <20030221131205.GE30966@sunbay.com> <20030221.062059.34122968.imp@bsdimp.com> <20030221135056.GA32007@madman.celabo.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

"Jacques A. Vidrine" writes:
> On Fri, Feb 21, 2003 at 06:20:59AM -0700, M. Warner Losh wrote:
> > One implication of this is that if you have a server running on a
> > used-to-be privileged port and now run it on a no-privs port your
> > machine has more potential for compromise. [...]
> Yes, this is why this feature _must_ remain `off' by default.

Did you guys even read the commit message? The default values cover the range of historically privileged ports. There is no feature that needs to be turned off. Unless the admin explicitly modifies one or both of the sysctl variables introduced by the commit, there is absolutely no change in behaviour.

DES
--
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message