From owner-freebsd-net@FreeBSD.ORG Mon Jul 10 14:17:33 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1221816A4DA; Mon, 10 Jul 2006 14:17:33 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 89DF943D5C; Mon, 10 Jul 2006 14:17:31 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (unknown [192.168.3.39]) by mx.nitro.dk (Postfix) with ESMTP id CB8222D4905; Mon, 10 Jul 2006 14:17:30 +0000 (UTC) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id 79E851142D; Mon, 10 Jul 2006 16:17:30 +0200 (CEST) Date: Mon, 10 Jul 2006 16:17:30 +0200 From: "Simon L. Nielsen" To: Iang Message-ID: <20060710141729.GF1101@zaphod.nitro.dk> References: <200607072030.01999.mi+mx@aldan.algebra.com> <20060708213932.GA41178@uk.tiscali.com> <44B25F0A.5040709@iang.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="YToU2i3Vx8H2dn7O" Content-Disposition: inline In-Reply-To: <44B25F0A.5040709@iang.org> User-Agent: Mutt/1.5.11 Cc: freebsd-security@freebsd.org, Mikhail Teterin , net@freebsd.org, imp@freebsd.org, Brian Candler Subject: Re: strange limitation on rcmd() X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Jul 2006 14:17:33 -0000 --YToU2i3Vx8H2dn7O Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2006.07.10 16:07:06 +0200, Iang wrote: > Brian Candler wrote: >=20 > >Note that only root can bind to reserved ports. >=20 > ... >=20 > >This mechanism is only valid for trusted hosts, of course. If you allow a > >random person to put their own PC on the network, they can of course send > >packets from privileged ports (either by installing Unix with their own= =20 > >root > >password, or by installing DOS and sending packets which come from > >privileged ports) >=20 > I gather that it is now possible to disable the > privileged ports thing on FreeBSD at least. >=20 > (Thank heavens, I say :) Actually it is, but it would obviously be a stupid idea to do so any place where privileged ports are required... [simon@zaphod:~] sysctl net.inet.ip.portrange.reservedhigh net.inet.ip.port= range.reservedlow net.inet.ip.portrange.reservedhigh: 1023 net.inet.ip.portrange.reservedlow: 0 --=20 Simon L. Nielsen --YToU2i3Vx8H2dn7O Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (FreeBSD) iD8DBQFEsmF5h9pcDSc1mlERAq7RAJ9mpDSX+M8NDrC5jMScYITwB0eyCwCfd1jp R9tCljciXvIJNmsUKHWtdJU= =R23T -----END PGP SIGNATURE----- --YToU2i3Vx8H2dn7O--