Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 2 Jun 1998 08:29:27 -0400 (EDT)
From:      Adam Shostack <adam@homeport.org>
To:        crowland@psionic.com (Craig H. Rowland)
Cc:        regnauld@deepo.prosa.dk, roberto@keltia.freenix.fr, freebsd-security@FreeBSD.ORG
Subject:   Re: /usr/sbin/named
Message-ID:  <199806021229.IAA27816@homeport.org>
In-Reply-To: <Pine.LNX.3.96.980601170112.3784B-100000@dolemite.psionic.com> from "Craig H. Rowland" at "Jun 1, 98 05:08:37 pm"
next in thread | previous in thread | raw e-mail | index | archive | help 
OpenBSD does not.  You may be recalling that I brought it up once on
the OpenBSD tech list, and was unable to suggest an elegant way to
implement it, other than lowering maxreservedport, or adding users who
can bind to any port, neither of which are clean.

Adam


Craig H. Rowland wrote:
| I was originally under this impression as well and have seen
| patches for Linux that do this. Does anyone know what procedures are
| required to do this if it is built in? I also remember reading about this
| feature with FreeBSD as well but can't recall where. If anyone has this
| information I'd love to hear about it so I can update my document.
| 
| Thanks for any pointers..
| 
| -- Craig
| 
| 
| On Mon, 1 Jun 1998, Philippe Regnauld wrote:
| 
| > Craig H. Rowland writes:
| > > 
| > > I have a web page up that describes how to run BIND 8.x under a chroot()
| > > environment under OpenBSD 2.x. A lot of the information should apply to
| > > FreeBSD as well. Here is the URL:
| > > 
| > > http://www.psionic.com/papers/dns.html
| > 
| > 	Didn't OpenBSD go a bit further and allow certain non-root programs
| > 	to bind <1024 for this reason ?
| > 
| > -- 
| >  -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-
| >      «Pluto placed his bad dog at the entrance of Hades to keep the dead
| >       IN and the living  OUT!  The archetypical corporate firewall?»
| >                                                        - S. Kelly Bootle
| > 
| 
| 
| To Unsubscribe: send mail to majordomo@FreeBSD.org
| with "unsubscribe security" in the body of the message
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806021229.IAA27816>