Date: Sun, 20 Jun 1999 23:04:54 -0600 From: Warner Losh <imp@harmony.village.org> To: Frank Tobin <ftobin@bigfoot.com> Cc: Kirill Nosov <slash@leontief.net>, freebsd-security@FreeBSD.ORG Subject: Re: securelevel descr Message-ID: <199906210504.XAA95631@harmony.village.org> In-Reply-To: Your message of "Fri, 18 Jun 1999 03:02:45 CDT." <Pine.BSF.4.10.9906180300090.55794-100000@srh0710.urh.uiuc.edu> References: <Pine.BSF.4.10.9906180300090.55794-100000@srh0710.urh.uiuc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.BSF.4.10.9906180300090.55794-100000@srh0710.urh.uiuc.edu> Frank Tobin writes: : Well, the privileged ports concept is actually something that is a good : thing, if you can guarantee that only the trusted application X is bound : to that port, and not a trojaned version setup by an ordinary user. This : can be achieved by means of simmutable flags all over the place, and a : securelevel that doesn't allow any service to open a secure port. This is an orthgonal thing to securelevel. Make it a sysctl that allows anybody to bind to the secure ports when set to 0, root when 1 and nobody when 2 (although that would break rlogin/rsh, but I'll shed no tears there). Make this sysctl readonly at higher secure levels. Make it default to 1. You could then set it to 0 early in the boot process, start the daemons, then raise it to 1 or 2 when you are done. In another post I describe a very brief summary of the NetBSD discussion on the topic... Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906210504.XAA95631>