From owner-freebsd-security Wed Mar 26 10:45:16 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA07612 for security-outgoing; Wed, 26 Mar 1997 10:45:16 -0800 (PST) Received: from enteract.com (root@enteract.com [206.54.252.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA07600 for ; Wed, 26 Mar 1997 10:45:09 -0800 (PST) Received: (from tqbf@localhost) by enteract.com (8.8.5/8.7.6) id MAA27813; Wed, 26 Mar 1997 12:43:53 -0600 (CST) From: "Thomas H. Ptacek" Message-Id: <199703261843.MAA27813@enteract.com> Subject: Re: Privileged ports... To: dg@root.com Date: Wed, 26 Mar 1997 12:43:52 -0600 (CST) Cc: adrian@obiwan.aceonline.com.au, tqbf@enteract.com, freebsd-security@FreeBSD.ORG Reply-To: tqbf@enteract.com In-Reply-To: <199703261441.GAA12899@root.com> from "David Greenman" at Mar 26, 97 06:41:11 am X-Mailer: ELM [version 2.4 PL24 ME8a] Content-Type: text Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > None that I can think of if I understand you correctly. The thing you > want to prevent is regular users being able to bind to a privileged port. Mr. Greenman, I know I'm being repetative here, but I'd like to re-assert that the patch I posted does not allow regular users to bind to a privileged port, nor have I ever suggested that regular users be granted the ability to bind to a privileged port. > It would be nice if FreeBSD had account privileges ala VMS. You could then > have fine grain control over what 'privileged' programs can do, thus limiting I have some more patches to post. Let's see how they do in OpenBSD first. I don't think the problem is as complicated as it seems. ---------------- Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com] ---------------- "If you're so special, why aren't you dead?"