From: Ian G
Date: Sun, 28 May 2006 13:42:38 +0200
To: Patrick Proniewski
Cc: FreeBSD Security List
Subject: Re: On what versions of FreeBSD can we unreserve ports?

Patrick Proniewski wrote:
> On 27 May 2006, at 15:51, Ian G wrote:
>
>> On which versions of FreeBSD is it now possible to
>> un-reserve ports?
>>
>> host$ sysctl net.inet.ip.portrange.reservedhigh=0
>
> According to the FreeBSD web site, it first came with 5.1R
> (http://www.freebsd.org/releases/5.1R/relnotes-i386.html). By the way, you
> might want to take a look at the MAC implementation, and especially:
> http://www.freebsd.org/cgi/man.cgi?query=mac_portacl&sektion=4
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html

From link above:

"It is now possible to specify the range of ``privileged ports'' (TCP and
UDP ports that require superuser access to bind(2) to). The range is now
specified with the net.inet.ip.portrange.reservedlow and
net.inet.ip.portrange.reservedhigh sysctl variables, defaulting to the
traditional UNIX behavior. This feature is intended to help network
servers bind to traditionally privileged ports without requiring
superuser access. ip(4) has more details."

Thanks!

iang
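
Added example, not part of the original thread: setting reservedhigh=0 on its own lets every local user bind the low ports, so this sketch pairs it with the mac_portacl(4) policy mentioned above and generates sysctl.conf lines that grant each low port to one numeric uid or gid only. The function names and the sample uids and ports are constructed for illustration; the rule syntax (idtype:id:protocol:port) and sysctl names are those of mac_portacl(4).

```sh
#!/bin/sh
# Assumes the policy module is loaded, e.g. mac_portacl_load="YES" in
# /boot/loader.conf. This script only prints configuration; it changes nothing.

PORT_HIGH=1023   # highest port mac_portacl will police (its default)

# valid_grant RULE: succeed only for "uid|gid:<number>:tcp|udp:<1..PORT_HIGH>"
valid_grant() {
    case $1 in *:*:*:*:*) return 1 ;; *:*:*:*) ;; *) return 1 ;; esac
    idtype=${1%%:*};   rest=${1#*:}
    id=${rest%%:*};    rest=${rest#*:}
    proto=${rest%%:*}; port=${rest#*:}
    case $idtype in uid|gid) ;; *) return 1 ;; esac
    case $id in ''|*[!0-9]*) return 1 ;; esac       # names are not accepted
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le "$PORT_HIGH" ]
}

# portacl_conf GRANT...: print sysctl.conf lines, or fail on the first bad grant
portacl_conf() {
    rules=
    for g in "$@"; do
        valid_grant "$g" || { echo "bad grant: $g" >&2; return 1; }
        rules=${rules:+$rules,}$g
    done
    cat <<EOF
net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=0
security.mac.portacl.port_high=$PORT_HIGH
security.mac.portacl.rules=$rules
EOF
}

# Constructed grants: uid 80 may bind tcp/80 and tcp/443, uid 53 may bind udp/53.
portacl_conf uid:80:tcp:80 uid:80:tcp:443 uid:53:udp:53
```

With these lines in /etc/sysctl.conf, the stock reserved-port check is switched off and mac_portacl takes over: a non-root process can bind a port at or below port_high only if a rule names its uid or gid.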