Date:      Fri, 21 Feb 2003 16:15:30 +0200
From:      Ruslan Ermilov <ru@freebsd.org>
To:        Dag-Erling Smorgrav <des@ofug.org>
Cc:        "Jacques A. Vidrine" <nectar@freebsd.org>, "M. Warner Losh" <imp@bsdimp.com>, cjc@freebsd.org, src-committers@freebsd.org, cvs-src@freebsd.org, cvs-all@freebsd.org
Subject:   Re: cvs commit: src/sys/netinet in_pcb.c
Message-ID:  <20030221141530.GC44424@sunbay.com>
In-Reply-To: <xzp1y21u3m2.fsf@flood.ping.uio.no>
References:  <200302210528.h1L5SS0H092948@repoman.freebsd.org> <20030221131205.GE30966@sunbay.com> <20030221.062059.34122968.imp@bsdimp.com> <20030221135056.GA32007@madman.celabo.org> <xzp1y21u3m2.fsf@flood.ping.uio.no>


On Fri, Feb 21, 2003 at 03:09:57PM +0100, Dag-Erling Smorgrav wrote:
> "Jacques A. Vidrine" <nectar@FreeBSD.org> writes:
> > On Fri, Feb 21, 2003 at 06:20:59AM -0700, M. Warner Losh wrote:
> > > One implication of this is that if you have a server running on a
> > > used-to-be privileged port and now run it on a no-privs port your
> > > machine has more potential for compromise.  [...]
> > Yes, this is why this feature _must_ remain `off' by default.
>
> Did you guys even read the commit message?  The default values cover
> the range of historically privileged ports.  There is no feature that
> needs to be turned off.  Unless the admin explicitly modifies one or
> both of the sysctl variables introduced by the commit, there is
> absolutely no change in behaviour.
>
Clear.  I think what our SOs were trying to tell us is that
it'd be useful to include this caveat emptor thing into the
manpage, so that potential users are aware of possible
consequences.


Cheers,
-- 
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
