Date: Fri, 03 Jul 1998 03:28:10 -0700
From: David Greenman <dg@root.com>
To: "Allen Smith" <easmith@beatrice.rutgers.edu>
Cc: rotel@indigo.ie, security@FreeBSD.ORG, njs3@doc.ic.ac.uk, dima@best.net, abc@ralph.ml.org, tqbf@secnet.com
Subject: Re: bsd securelevel patch question
Message-ID: <199807031028.DAA06648@implode.root.com>
In-Reply-To: Your message of "Fri, 03 Jul 1998 05:53:35 EDT." <9807030553.ZM8446@beatrice.rutgers.edu>

>On Jul 2, 9:00am, David Greenman (possibly) wrote:
>
>> Um, well, let's talk about FTP servers, then, since those do a privileged
>> bind() for every data connection that is established (one per file
>> transfer).
>
>Good point. The various examples here are pointing out something: in
>most cases, and so far as I know in all of the most frequent cases,
>it's only necessary to be able to bind to _one_ privileged port. (By
>'the most frequent cases', I'm referring to that while the FTP server
>has to bind to both port 20 and port 21, the latter is far more
>frequent than the former - the first just happens when starting up a
>new daemon (and is usually done by inetd in any event).) This implies
>that one way to speed things up would be to have as extra fields in a
>privilege structure (or as part of the ucred structure) the main tcp
>or udp port the process is permitted to bind to. In this way, one
>would simply check:
>	A. does the process have the PRIV_TCP (or PRIV_UDP) privilege;
>	B. if so, is the port in the privilege/ucred structure equal
>	   to the requested one (with a 0 meaning none has been
>	   established)? If so, allow
>	C. if not, do whatever scanning is necessary to figure out if
>	   the port is allowable; if it is, then put that port # in
>	   the privilege/ucred structure

   Okay, so you are saying that the PRIV_* port privileges would be honored
only for the first privileged port number that is bind()'ed [sic]?
Hmmm...sounds interesting. I like that a lot better than assigning 1024 gids
to TCP, another 1024 gids to UDP, etc.

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project
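
Added example, not part of the original message and not FreeBSD code: a C sketch of the quoted A/B/C check, with the last allowed port cached in the credential record so repeated binds to the same port skip the scan. Only PRIV_TCP and PRIV_UDP come from the thread; struct port_priv, its fields, the single allow list shared by both protocols and priv_bind_check() are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PRIV_TCP 0x1u   /* names from the thread; bit values are assumed */
#define PRIV_UDP 0x2u

/* Hypothetical per-process privilege record (stand-in for ucred fields). */
struct port_priv {
    unsigned flags;            /* PRIV_TCP and/or PRIV_UDP */
    uint16_t cached_tcp;       /* 0 = no port established yet */
    uint16_t cached_udp;
    const uint16_t *allowed;   /* hypothetical allow list scanned in step C */
    size_t n_allowed;
    unsigned slow_scans;       /* instrumentation: how often step C ran */
};

/* Step C: "whatever scanning is necessary", here a linear search. */
static int scan_allowed(struct port_priv *p, uint16_t port)
{
    p->slow_scans++;
    for (size_t i = 0; i < p->n_allowed; i++)
        if (p->allowed[i] == port)
            return 1;
    return 0;
}

/* Returns 1 if the bind() may proceed, 0 if it must be refused. */
int priv_bind_check(struct port_priv *p, unsigned proto, uint16_t port)
{
    if (port == 0 || port >= 1024)
        return 1;                      /* not a privileged port */
    if ((proto != PRIV_TCP && proto != PRIV_UDP) || !(p->flags & proto))
        return 0;                      /* A: privilege bit missing */
    uint16_t *cache = (proto == PRIV_TCP) ? &p->cached_tcp : &p->cached_udp;
    if (*cache == port)
        return 1;                      /* B: fast path, cached port */
    if (!scan_allowed(p, port))
        return 0;                      /* C: scan says not allowable */
    *cache = port;                     /* C: remember it for next time */
    return 1;
}

int main(void)
{
    static const uint16_t ok[] = {20, 21};   /* constructed sample policy */
    struct port_priv ftpd = { PRIV_TCP, 0, 0, ok, 2, 0 };
    for (int i = 0; i < 3; i++)               /* three data connections */
        priv_bind_check(&ftpd, PRIV_TCP, 20);
    printf("binds=3 slow_scans=%u\n", ftpd.slow_scans);
    return 0;
}
```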