From owner-freebsd-security Fri Jun 18 1: 2:49 1999
Delivered-To: freebsd-security@freebsd.org
Received: from srh0710.urh.uiuc.edu (srh0710.urh.uiuc.edu [130.126.76.32]) by hub.freebsd.org (Postfix) with SMTP id C280A14FE0 for ; Fri, 18 Jun 1999 01:02:47 -0700 (PDT) (envelope-from ftobin@bigfoot.com)
Received: (qmail 55815 invoked by uid 1000); 18 Jun 1999 08:02:45 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 18 Jun 1999 08:02:45 -0000
Date: Fri, 18 Jun 1999 03:02:45 -0500 (CDT)
From: Frank Tobin
X-Sender: ftobin@srh0710.urh.uiuc.edu
To: Kirill Nosov
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: securelevel descr
In-Reply-To: <99061811465300.10975@MirStation.leontief.nw.ru>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Kirill Nosov, at 11:40 on Fri, 18 Jun 1999, wrote:

> As far as I remember there was a discussion about implementing the
> dependence between uid and port you are able to open - to eliminate
> the 'privileged ports' concept. That was a great idea from my point of
> view. Will it be implemented in future FreeBSD versions? As far
> as I see it is possible to be done w/o any changes in '3rd party
> software', just by means of FreeBSD core.

Well, the privileged ports concept is actually something that is a good
thing, if you can guarantee that only the trusted application X is bound
to that port, and not a trojaned version set up by an ordinary user. This
can be achieved by means of simmutable flags all over the place, and a
securelevel that doesn't allow any service to open a secure port.

-- 
Frank Tobin                     "To learn what is good and what is to be
http://www.bigfoot.com/~ftobin   valued, those truths which cannot be
                                 shaken or changed."
                                 Myst: The Book of Atrus
FreeBSD: The Power To Serve

PGPenvelope = GPG and PGP5 + Pine               PGP: 4F86 3BBB A816 6F0A 340F
http://www.bigfoot.com/~ftobin/resources.html        6003 56FF D10A 260C 4FA3

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
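
One way to audit the precondition the reply above relies on (the binaries behind privileged ports are root-owned, flagged schg, and the securelevel keeps that flag from being cleared), as an added example that is not part of the original thread. The function names, the daemon paths and the `ls -lo` listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Checks `ls -lo` output for
# daemon binaries: each must be owned by root and carry schg (the flag that
# `chflags simmutable` sets). kern.securelevel must be >= 1, because at a
# lower level root can simply clear schg again.

# Constructed sample in the shape of FreeBSD `ls -lo` (flags are column 5).
SAMPLE_LS='-r-xr-xr-x  1 root  wheel  schg         40960 Jun 18  1999 /usr/sbin/named
-r-xr-xr-x  1 root  wheel  -            36864 Jun 18  1999 /usr/sbin/inetd
-r-xr-xr-x  1 root  wheel  schg,nodump  98304 Jun 18  1999 /usr/sbin/sendmail
-rwxr-xr-x  1 joe   users  schg         65536 Jun 18  1999 /usr/local/sbin/ftpd'

# audit_flags LISTING: print "path: reason" for every binary that fails.
audit_flags() {
    printf '%s\n' "$1" | awk '
        NF < 10 { next }                  # skip "total" and blank lines
        {
            path = $NF; owner = $3; has_schg = 0
            n = split($5, flags, ",")     # flags column is comma-separated
            for (i = 1; i <= n; i++) if (flags[i] == "schg") has_schg = 1
            if (owner != "root") print path ": owner is " owner ", not root"
            if (!has_schg)       print path ": schg (simmutable) not set"
        }'
}

# securelevel_ok LEVEL: succeed only if schg can no longer be cleared.
securelevel_ok() {
    [ "$1" -ge 1 ] 2>/dev/null
}

# audit LISTING LEVEL: print all findings; return 0 only if there are none.
audit() {
    rc=0
    findings=$(audit_flags "$1")
    if [ -n "$findings" ]; then printf '%s\n' "$findings"; rc=1; fi
    if ! securelevel_ok "$2"; then
        echo "kern.securelevel is $2: root can still clear schg"; rc=1
    fi
    return $rc
}

# On a live FreeBSD host (paths are assumptions):
#   audit "$(ls -lo /usr/sbin/inetd /usr/sbin/named)" "$(sysctl -n kern.securelevel)"
audit "$SAMPLE_LS" -1 || true
```
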