From owner-freebsd-security  Fri Jun 18  3:45:52 1999
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id AF6D314F19
	for <freebsd-security@FreeBSD.ORG>; Fri, 18 Jun 1999 03:45:49 -0700 (PDT)
	(envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.1) id MAA48579;
	Fri, 18 Jun 1999 12:45:43 +0200 (CEST)
	(envelope-from des)
To: slash@leontief.net
Cc: Frank Tobin <ftobin@bigfoot.com>, freebsd-security@FreeBSD.ORG
Subject: Re: securelevel descr
References: <Pine.BSF.4.10.9906180300090.55794-100000@srh0710.urh.uiuc.edu> <99061812174202.10975@MirStation.leontief.nw.ru>
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Date: 18 Jun 1999 12:45:42 +0200
In-Reply-To: Kirill Nosov's message of "Fri, 18 Jun 1999 12:08:25 +0400"
Message-ID: <xzpso7pzt0p.fsf@flood.ping.uio.no>
Lines: 13
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Kirill Nosov <slash@leontief.net> writes:
> But the idea discussed will allow to run daemons on priveleged ports under
> non-root priveleges. So you will create a user sendmail with 25 uid and only it
> will be able to bind to 25 port. That will allow to lower the probability of
> remote ( and local) root compromises.

This can possibly be achieved by extending portalfs to allow wiring
down hostname/port pairs and support chown / chmod on wired-down
sockets.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message