From owner-freebsd-security Wed Mar 26 10:47:03 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA07797 for security-outgoing; Wed, 26 Mar 1997 10:47:03 -0800 (PST)
Received: from enteract.com (root@enteract.com [206.54.252.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA07782 for ; Wed, 26 Mar 1997 10:46:59 -0800 (PST)
Received: (from tqbf@localhost) by enteract.com (8.8.5/8.7.6) id MAA28107; Wed, 26 Mar 1997 12:45:42 -0600 (CST)
From: "Thomas H. Ptacek"
Message-Id: <199703261845.MAA28107@enteract.com>
Subject: Re: Privileged ports...
To: adrian@obiwan.aceonline.com.au (Adrian Chadd)
Date: Wed, 26 Mar 1997 12:45:41 -0600 (CST)
Cc: dg@root.com, tqbf@enteract.com, adrian@deathstar.ml.org, freebsd-security@FreeBSD.ORG
Reply-To: tqbf@enteract.com
In-Reply-To: from "Adrian Chadd" at Mar 26, 97 10:50:30 pm
X-Mailer: ELM [version 2.4 PL24 ME8a]
Content-Type: text
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> How about assigning each port number a userid which can bind with the
> port alongside root?
> Should be easy enough to implement, and powerful enough to not need suid
> root binaries to bind to priv'ed ports.

What does this win you? It is easy enough to do, especially if you can
require those UIDs to be contiguous (just add an OID to net.inet.ip for
the "start" of the range of UIDs that map to reserved ports), but it
also seems to waste a lot of UIDs.

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
"If you're so special, why aren't you dead?"