From: Allan Saddi <asaddi@philosophysw.com>
Date: Sun, 20 Jun 1999 02:54:40 -0700 (PDT)
To: Frank Tobin, kris@further.com
Cc: FreeBSD-security Mailing List
Subject: Re: proposed secure-level 4 patch (fwd)
Organization: Philosophy SoftWorks

> here is the no-union-mount-in-secure-mode diff and the tcp diff, which
> should both be against -current.

There are still problems with this no-bind-securelevel patch:

1. It only handles bind requests for tcp. The same modification must be done to udp_bind() in udp_usrreq.c *OR* you can perform the check in in_pcbbind() in in_pcb.c. See my previous posting for my patch. (Which I tested under -stable. Forward-porting to -current should be trivial.)

2. sinp->sin_port is in network byte order. ntohs() should be used on it before comparison. Since network order is big-endian, it surprises me that this patch works. ;)

3. As Brian Buchanan pointed out, port 1024 itself is not privileged.

--
Allan Saddi                          "The Earth is the cradle of mankind,
asaddi@philosophysw.com               but we cannot live in the cradle
http://www.philosophysw.com/asaddi/   forever." - K.E. Tsiolkovsky
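The three points above, written out as an added example in plain C (this is not the patch under discussion nor FreeBSD's own in_pcbbind() code): one check usable from a shared path for TCP and UDP, ntohs() applied to sin_port before the comparison, and 1024 treated as unprivileged. The securelevel threshold of 4 and the helper names are assumptions.

```c
/* Added example: a privileged-port bind check of the kind the mail
 * recommends, placed so both TCP and UDP binds would reach it.
 * Assumed: the restriction applies at securelevel >= 4 (the subject
 * line's "secure-level 4"); the function names are made up here. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <arpa/inet.h>

#define RESERVED_PORT_LIMIT   1024 /* ports 1..1023 are privileged; 1024 is not */
#define BIND_LOCK_SECURELEVEL 4    /* assumed threshold for the patch */

/* Correct check (points 2 and 3): sin_port arrives in network byte
 * order, so convert it to host order before comparing against 1024. */
bool reserved_bind_denied(uint16_t sin_port, int securelevel)
{
    uint16_t port = ntohs(sin_port);
    if (securelevel < BIND_LOCK_SECURELEVEL)
        return false;          /* patch inactive below the threshold */
    if (port == 0)
        return false;          /* 0 asks the kernel for an ephemeral port */
    return port < RESERVED_PORT_LIMIT;
}

/* The mistake point 2 describes: comparing the raw network-order field. */
bool reserved_bind_denied_buggy(uint16_t sin_port, int securelevel)
{
    if (securelevel < BIND_LOCK_SECURELEVEL)
        return false;
    if (sin_port == 0)
        return false;
    return sin_port < RESERVED_PORT_LIMIT;
}

/* How many privileged ports 1..1023 the buggy check would let through
 * on this host. On a big-endian machine network and host order coincide
 * and the answer is 0; on a little-endian one most of them slip past. */
int buggy_check_misses(void)
{
    int misses = 0;
    for (int p = 1; p < RESERVED_PORT_LIMIT; p++) {
        uint16_t wire = htons((uint16_t)p); /* as sin_port is stored */
        if (!reserved_bind_denied_buggy(wire, BIND_LOCK_SECURELEVEL))
            misses++;
    }
    return misses;
}

int main(void)
{
    printf("privileged ports the raw comparison misses here: %d\n",
           buggy_check_misses());
    return 0;
}
```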