Date:      Fri, 21 Feb 2003 15:09:57 +0100
From:      Dag-Erling Smorgrav <des@ofug.org>
To:        "Jacques A. Vidrine" <nectar@FreeBSD.org>
Cc:        "M. Warner Losh" <imp@bsdimp.com>, ru@FreeBSD.org, cjc@FreeBSD.org, src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/netinet in_pcb.c
Message-ID:  <xzp1y21u3m2.fsf@flood.ping.uio.no>
In-Reply-To: <20030221135056.GA32007@madman.celabo.org> ("Jacques A. Vidrine"'s message of "Fri, 21 Feb 2003 07:50:56 -0600")
References:  <200302210528.h1L5SS0H092948@repoman.freebsd.org> <20030221131205.GE30966@sunbay.com> <20030221.062059.34122968.imp@bsdimp.com> <20030221135056.GA32007@madman.celabo.org>

"Jacques A. Vidrine" <nectar@FreeBSD.org> writes:
> On Fri, Feb 21, 2003 at 06:20:59AM -0700, M. Warner Losh wrote:
> > One implication of this is that if you have a server running on a
> > used-to-be privileged port and now run it on a no-privs port your
> > machine has more potential for compromise.  [...]
> Yes, this is why this feature _must_ remain `off' by default.

Did you guys even read the commit message?  The default values cover
the range of historically privileged ports.  There is no feature that
needs to be turned off.  Unless the admin explicitly modifies one or
both of the sysctl variables introduced by the commit, there is
absolutely no change in behaviour.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org
