Date: Sat, 19 Jun 1999 00:56:19 -0500 (CDT)
From: Frank Tobin <ftobin@bigfoot.com>
To: FreeBSD-security Mailing List <freebsd-security@freebsd.org>
Subject: proposed secure-level 4 patch
Message-ID: <Pine.BSF.4.10.9906190053050.60212-200000@srh0710.urh.uiuc.edu>
[-- Attachment #1 --] Okay, a good friend of mine Kris Wehner has written a patch to implement the proposed securelevel of 4, which would disallow the opening of secure ports (<1024) while in the securelevel of 4. The patch is against 3.2-STABLE kernel, as of within 12 hours. I'd like to hear more comments before I send it as a send-pr. The patch is attached. -- Frank Tobin "To learn what is good and what is to be http://www.bigfoot.com/~ftobin valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus FreeBSD: The Power To Serve PGPenvelope = GPG and PGP5 + Pine PGP: 4F86 3BBB A816 6F0A 340F http://www.bigfoot.com/~ftobin/resources.html 6003 56FF D10A 260C 4FA3 [-- Attachment #2 --] *** tcp_usrreq.c.orig Fri Jun 18 19:12:18 1999 --- tcp_usrreq.c Fri Jun 18 19:15:49 1999 *************** *** 185,190 **** --- 185,198 ---- error = EAFNOSUPPORT; goto out; } + /* + * Disallow bind if we are in super secure mode and port <= 1024 + */ + if (sinp->sin_family == AF_INET && sinp->sin_port <= 1024 && + securelevel >= 4) { + error = EACCES; + goto out; + } error = in_pcbbind(inp, nam, p); if (error) goto out;
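Review bot: The port test in the added `if` compares `sinp->sin_port` directly against 1024, but `sin_port` is stored in network byte order, so on a little-endian machine such as i386 the comparison does not test the port number the caller asked for (port 80 would pass, while some high ports would be denied). Convert before comparing, for example `ntohs(sinp->sin_port) < IPPORT_RESERVED`. The bound is also off by one against the stated intent: the message describes secure ports as <1024, while `<= 1024` in both the comment and the condition also denies port 1024. Port 0 satisfies the condition as well, so at securelevel 4 an explicit bind() that asks the kernel to choose a port would fail with EACCES; exclude 0 if that is not intended. Since only tcp_usrreq.c is touched, UDP binds to low ports are not covered by this change, which should either be stated in the comment or handled in the same patch.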
