From owner-freebsd-hackers  Tue Jan 16 22:47:45 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from smtpe.casema.net (smtpe.casema.net [195.96.96.172])
	by hub.freebsd.org (Postfix) with SMTP id 461B837B401
	for <hackers@FreeBSD.ORG>; Tue, 16 Jan 2001 22:47:28 -0800 (PST)
Received: (qmail 22318 invoked from network); 17 Jan 2001 06:47:24 -0000
Received: from unknown (HELO slash.b118.binity.net) (212.64.76.64)
  by smtpe.casema.net with SMTP; 17 Jan 2001 06:47:24 -0000
Received: from tsunami.b118.binity.net (tsunami.b118.binity.net [172.18.3.10])
	by slash.b118.binity.net (8.11.1/8.11.1) with ESMTP id f0H6l3Y61953;
	Wed, 17 Jan 2001 07:47:04 +0100 (CET)
	(envelope-from walter@binity.com)
Date: Wed, 17 Jan 2001 07:47:23 +0100
From: "Walter W. Hop" <walter@binity.com>
X-Mailer: The Bat! (v1.49) Educational
Organization: Binity
X-Priority: 3 (Normal)
Message-ID: <19357397493.20010117074723@binity.com>
To: "Michael R. Wayne" <wayne@staff.msen.com>
Cc: hackers@FreeBSD.ORG
Subject: Re: Protections on inetd (and /sbin/* /usr/sbin/* in general)
In-reply-To: <200101170335.WAA18537@manor.msen.com>
References: <200101170335.WAA18537@manor.msen.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>    The exploit managed to start inetd, camped on the specified port

I guess, if it doesn't exist already, that it wouldn't be so hard to
create a small patch to the kernel, so that only processes owned by root,
or a certain group of users (let's say "daemon"), were allowed to set up
listeners...

walter

--
 Walter W. Hop <walter@binity.com> | +31 6 24290808 | NEW KEY: 0x84813998




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message