Date: Fri, 18 Jun 1999 03:02:45 -0500 (CDT) From: Frank Tobin <ftobin@bigfoot.com> To: Kirill Nosov <slash@leontief.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: securelevel descr Message-ID: <Pine.BSF.4.10.9906180300090.55794-100000@srh0710.urh.uiuc.edu> In-Reply-To: <99061811465300.10975@MirStation.leontief.nw.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Kirill Nosov, at 11:40 on Fri, 18 Jun 1999, wrote: > As far as i remeber there was a discussion about implementing the > dependence between uid and port you are able to open - to eliminate > the 'priveleged ports' concept. That was a great idea from my point of > view. If it will be iimplemented in future FreeBSD versions ? As far > as i see it is possible to be done w/o any changes in '3rd party > software' , just by means of FreeBSD core. Well, the privileged ports concept is actually something that is a good thing, if you can guarantee that only the trusted application X is bound to that port, and not a trojaned version setup by an ordinary user. This can be achieved by means of simmutable flags all over the place, and a securelevel that doesn't allow any service to open a secure port. -- Frank Tobin "To learn what is good and what is to be http://www.bigfoot.com/~ftobin valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus FreeBSD: The Power To Serve PGPenvelope = GPG and PGP5 + Pine PGP: 4F86 3BBB A816 6F0A 340F http://www.bigfoot.com/~ftobin/resources.html 6003 56FF D10A 260C 4FA3 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9906180300090.55794-100000>