From owner-cvs-all Fri Feb 21 11:56:11 2003
Date: Fri, 21 Feb 2003 11:56:07 -0800
From: "David O'Brien" <obrien@NUXI.com>
To: Garance A Drosihn
Cc: "Crist J. Clark", src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet in_pcb.c (priv ports)
Message-ID: <20030221195607.GD92798@dragon.nuxi.com>
References: <200302210528.h1L5SS0H092948@repoman.freebsd.org>
User-Agent: Mutt/1.4i
X-Operating-System: FreeBSD 5.0-CURRENT
Organization: The NUXI BSD Group

On Fri, Feb 21, 2003 at 12:54:04AM -0500, Garance A Drosihn wrote:
> > net.inet.ip.portrange.reservedhigh default = IPPORT_RESERVED - 1
> > net.inet.ip.portrange.reservedlo default = 0
> >
> > Now you can run that webserver without ever needing root at all. Or
> > just imagine, an ftpd that can really drop privileges, rather than
> > just set the euid, and still do PORT data transfers from 20/tcp.
>
> While this can be useful, it would be nice if there was also an
> exception mechanism, instead of just a "lo" and "high" value.
> If I want to run a web server without needing root, then I'd like
> to allow port 80, and not an entire range of 0-80 or 80-1024.

You also need to change daemons -- openssh's sshd checks to see if it
is being run by root, rather than just let the OS do it.
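As an added example, not code from this thread or from FreeBSD, the following C program models the policy under discussion in user space and shows the "let the OS decide" approach O'Brien describes. The `reservedlo`/`reservedhigh` fields mirror the two sysctls from the commit with their default values; the per-port exception list is a hypothetical model of the mechanism Garance asks for and is not an existing FreeBSD knob. The names `port_policy`, `port_needs_privilege` and `try_bind_tcp` are chosen here. `try_bind_tcp` deliberately never consults `geteuid()`: it just calls `bind()` and reports the kernel's answer, which is what a daemon needs to do to benefit from the sysctls without a root pre-check like sshd's.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/*
 * User-space model of the privileged-port policy. reservedlo/reservedhigh
 * mirror net.inet.ip.portrange.reservedlo/reservedhigh from the commit.
 * The exception list is a hypothetical per-port allow-list (what the
 * thread wishes for), NOT a FreeBSD feature.
 */
struct port_policy {
    int reservedlo;
    int reservedhigh;
    const int *exceptions;   /* ports that never need privilege */
    size_t nexceptions;
};

/* Commit defaults: reservedlo = 0, reservedhigh = IPPORT_RESERVED - 1 (1023). */
static const struct port_policy default_policy = { 0, IPPORT_RESERVED - 1, NULL, 0 };

/* Hypothetical: open only 80/tcp to unprivileged users, keep the rest reserved. */
static const int web_exceptions[] = { 80 };
static const struct port_policy web_policy = {
    0, IPPORT_RESERVED - 1, web_exceptions,
    sizeof web_exceptions / sizeof web_exceptions[0]
};

/* True when binding `port` would require privilege under policy `p`. */
bool port_needs_privilege(const struct port_policy *p, int port)
{
    if (port < p->reservedlo || port > p->reservedhigh)
        return false;                 /* outside the reserved range */
    for (size_t i = 0; i < p->nexceptions; i++)
        if (p->exceptions[i] == port)
            return false;             /* explicitly allowed */
    return true;
}

/*
 * Bind a TCP socket on 127.0.0.1:port and let the kernel decide.
 * Returns 0 on success, storing the port actually bound in *bound_port
 * (meaningful when port == 0 requests an ephemeral port), otherwise the
 * errno from socket()/bind(). No geteuid() pre-check: a non-root daemon
 * written this way works as soon as the kernel policy permits the port.
 */
int try_bind_tcp(int port, int *bound_port)
{
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0)
        return errno;

    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = htons((unsigned short)port);

    int err = 0;
    if (bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) {
        err = errno;                  /* EACCES when the kernel refuses a reserved port */
    } else {
        socklen_t len = sizeof sin;
        if (getsockname(s, (struct sockaddr *)&sin, &len) < 0)
            err = errno;
        else if (bound_port)
            *bound_port = ntohs(sin.sin_port);
    }
    close(s);
    return err;
}

int main(void)
{
    const int ports[] = { 20, 80, 1023, 1024, 8080 };
    for (size_t i = 0; i < sizeof ports / sizeof ports[0]; i++)
        printf("port %5d: default policy %-8s web policy %s\n", ports[i],
               port_needs_privilege(&default_policy, ports[i]) ? "reserved" : "open",
               port_needs_privilege(&web_policy, ports[i]) ? "reserved" : "open");

    int bound = 0;
    int err = try_bind_tcp(80, &bound);
    printf("bind 127.0.0.1:80 -> %s\n", err ? strerror(err) : "ok");
    err = try_bind_tcp(0, &bound);
    printf("bind 127.0.0.1:0  -> %s (port %d)\n", err ? strerror(err) : "ok", bound);
    return 0;
}
```

Run it once as an unprivileged user and once as root (or, on FreeBSD, after `sysctl net.inet.ip.portrange.reservedhigh=79` so that port 80 falls outside the reserved range): the program itself needs no change, only the kernel's verdict on the port-80 bind differs. A daemon that instead checks `geteuid() == 0` before binding will keep refusing to start as non-root no matter how the sysctls are set, which is the point about sshd above.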