Date:      Sun, 20 Jun 1999 23:04:54 -0600
From:      Warner Losh <imp@harmony.village.org>
To:        Frank Tobin <ftobin@bigfoot.com>
Cc:        Kirill Nosov <slash@leontief.net>, freebsd-security@FreeBSD.ORG
Subject:   Re: securelevel descr 
Message-ID:  <199906210504.XAA95631@harmony.village.org>
In-Reply-To: Your message of "Fri, 18 Jun 1999 03:02:45 CDT." <Pine.BSF.4.10.9906180300090.55794-100000@srh0710.urh.uiuc.edu> 
References:  <Pine.BSF.4.10.9906180300090.55794-100000@srh0710.urh.uiuc.edu>  

In message <Pine.BSF.4.10.9906180300090.55794-100000@srh0710.urh.uiuc.edu> Frank Tobin writes:
: Well, the privileged ports concept is actually something that is a good
: thing, if you can guarantee that only the trusted application X is bound
: to that port, and not a trojaned version setup by an ordinary user.  This
: can be achieved by means of simmutable flags all over the place, and a
: securelevel that doesn't allow any service to open a secure port.

This is an orthogonal thing to securelevel.  Make it a sysctl that
allows anybody to bind to the secure ports when set to 0, root when 1
and nobody when 2 (although that would break rlogin/rsh, but I'll shed
no tears there).  Make this sysctl readonly at higher secure levels.
Make it default to 1.

You could then set it to 0 early in the boot process, start the
daemons, then raise it to 1 or 2 when you are done.

In another post I describe a very brief summary of the NetBSD
discussion on the topic...

Warner
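
Added example, not part of the message above and not FreeBSD code: a user-space C model of the proposed knob (0 = anybody, 1 = root, 2 = nobody, default 1, read-only at higher securelevels), run through the boot sequence the message describes. The struct and function names are hypothetical, and reading "higher secure levels" as securelevel > 0 is an assumption.

```c
/* User-space model of the proposed reserved-port knob (added example).
 * All names are hypothetical; none are FreeBSD kernel identifiers. */
#include <errno.h>
#include <stdio.h>

#define RESERVED_LIMIT 1024   /* ports 1..1023 are the "secure" ports */

struct port_policy {
    int securelevel;          /* system securelevel */
    int mode;                 /* 0 = anybody, 1 = root only, 2 = nobody */
};

/* Bind-time check: 0 if allowed, else an errno value. */
int policy_bind_check(const struct port_policy *p, unsigned port, unsigned uid)
{
    if (port == 0 || port >= RESERVED_LIMIT)
        return 0;             /* port 0 = kernel picks an unreserved port */
    if (p->mode == 0)
        return 0;
    if (p->mode == 1 && uid == 0)
        return 0;
    return EACCES;            /* mode 1 non-root, or mode 2 for everyone */
}

/* Write handler for the knob: 0 on success, else an errno value. */
int policy_set_mode(struct port_policy *p, unsigned uid, int new_mode)
{
    if (uid != 0)
        return EPERM;
    if (new_mode < 0 || new_mode > 2)
        return EINVAL;
    if (p->securelevel > 0)   /* assumption: "higher" means securelevel > 0 */
        return EPERM;         /* read-only: cannot be lowered or raised */
    p->mode = new_mode;
    return 0;
}

int main(void)
{
    struct port_policy p = { 0, 1 };     /* constructed state, default mode 1 */
    policy_set_mode(&p, 0, 0);           /* early boot: open the ports */
    printf("uid 1001 -> port 25 while starting daemons: %d\n", policy_bind_check(&p, 25, 1001));
    policy_set_mode(&p, 0, 2);           /* daemons up: nobody may bind */
    p.securelevel = 1;                   /* then raise securelevel */
    printf("root -> port 25 after lockdown: %d\n", policy_bind_check(&p, 25, 0));
    printf("root resets knob to 0: %d\n", policy_set_mode(&p, 0, 0));
    return 0;
}
```

While the knob is 0 any local user can bind a reserved port, so in this model the window between opening the ports and raising the knob is the part of boot to keep short.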

