Date: 18 Jun 1999 12:45:42 +0200 From: Dag-Erling Smorgrav <des@flood.ping.uio.no> To: slash@leontief.net Cc: Frank Tobin <ftobin@bigfoot.com>, freebsd-security@FreeBSD.ORG Subject: Re: securelevel descr Message-ID: <xzpso7pzt0p.fsf@flood.ping.uio.no> In-Reply-To: Kirill Nosov's message of "Fri, 18 Jun 1999 12:08:25 %2B0400" References: <Pine.BSF.4.10.9906180300090.55794-100000@srh0710.urh.uiuc.edu> <99061812174202.10975@MirStation.leontief.nw.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Kirill Nosov <slash@leontief.net> writes: > But the idea discussed will allow to run daemons on priveleged ports under > non-root priveleges. So you will create a user sendmail with 25 uid and only it > will be able to bind to 25 port. That will allow to lower the probability of > remote ( and local) root compromises. This can possibly be achieved by extending portalfs to allow wiring down hostname/port pairs and support chown / chmod on wired-down sockets. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpso7pzt0p.fsf>