Date: Mon, 14 Sep 2009 17:47:18 +0100
From: Freminlins <freminlins@gmail.com>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Non-root user and accept() or listen()
Message-ID: <eeef1a4c0909140947s5f10b4cdidbd7b41a5539186c@mail.gmail.com>

Hi,

I am not sure if this exists (but don't think so), so I am asking.

Is there a sysctl type thing to disallow non-root users, or indeed any specified user or group, from running a program with listen()?

What I am looking at is improving network security, such that if a user account is compromised it can then not be used to run a dodgy web server/whatever on a non-privileged port. Although I can firewall off any port I wish, it seems like an obvious thing to disallow any user from opening a listening socket in the first place.

I am suggesting something like "sysctl user.socket_listen" with enable or disable.

Am I being really daft? Or does this exist already?

Cheers,
Frem.