Date: Sun, 22 Sep 2002 21:46:13 -0700 (PDT)
From: Julian Elischer
To: Juli Mallett
Cc: Paul Schenkeveld, FreeBSD Hackers
Subject: Re: Just a wild idea
In-Reply-To: <20020922213311.A99425@FreeBSD.org>

On Sun, 22 Sep 2002, Juli Mallett wrote:

> * From: Paul Schenkeveld [ Date: 2002-09-22 ]
>   [ Subject: Just a wild idea ]
> > Hi All,
> >
> > I've been playing with jails for over 2 years now. I really like
> > them but we often use them to run a process as root with reduced
> > power only to get access to TCP and UDP ports below 1024.
> >
> > For many applications however, for example lpd, named, sendmail,
> > tac_plus and others, it would be more than good enough to run that
> > program as a normal, non-root user provided there is a way to bind
> > to that single low TCP and/or UDP port that the program needs access
> > to.

better to have a definition of what are restricted ports for each jail
than to redefine what root is....

(1024 numbers is only 32 words of bitmask)

(just my opinion)
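
The per-jail restricted-port bitmask suggested in the reply above, sketched as an added example (not code from the thread or from FreeBSD): 1024 ports fit in 32 words of 32 bits, and a set bit means the port still needs root to bind. The names `jail_ports` and `jp_*`, the uid values and the sample policy are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LOW_PORTS  1024u              /* ports 0..1023 */
#define MASK_WORDS (LOW_PORTS / 32u)  /* 32 words of 32 bits each */

/* Hypothetical per-jail state: a set bit means "binding needs root". */
struct jail_ports { uint32_t restricted[MASK_WORDS]; };

/* Start from the traditional rule: every port below 1024 is restricted. */
void jp_init(struct jail_ports *jp) { memset(jp->restricted, 0xff, sizeof jp->restricted); }

/* Mark one low port restricted or not; -1 if it is outside the bitmap. */
int jp_set_restricted(struct jail_ports *jp, unsigned port, bool on)
{
    if (port >= LOW_PORTS)
        return -1;
    uint32_t bit = UINT32_C(1) << (port % 32u);
    if (on) jp->restricted[port / 32u] |= bit;
    else    jp->restricted[port / 32u] &= ~bit;
    return 0;
}

bool jp_is_restricted(const struct jail_ports *jp, unsigned port)
{
    /* Port 0 asks for an ephemeral port; ports >= 1024 are never restricted. */
    if (port == 0 || port >= LOW_PORTS)
        return false;
    return (jp->restricted[port / 32u] >> (port % 32u)) & 1u;
}

/* Bind-time decision: root is unchanged, others need an unrestricted port. */
bool jp_may_bind(const struct jail_ports *jp, unsigned uid, unsigned port)
{
    if (port > 65535u)
        return false;
    return uid == 0 || !jp_is_restricted(jp, port);
}

int main(void)
{
    struct jail_ports jp;
    jp_init(&jp);
    jp_set_restricted(&jp, 53, false);   /* constructed policy: a jail that only runs named */
    printf("uid 1001: port 53 -> %d, port 25 -> %d\n",
           jp_may_bind(&jp, 1001, 53), jp_may_bind(&jp, 1001, 25));
    return 0;
}
```

With this layout the meaning of root stays the same in every jail; only the set of ports that require it changes, so a non-root named can be given port 53 while port 25 stays closed to it.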