From owner-freebsd-security  Sun Jun 20 22: 4:15 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id A6E9114D41
	for <freebsd-security@FreeBSD.ORG>; Sun, 20 Jun 1999 22:04:02 -0700 (PDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id XAA67267;
	Sun, 20 Jun 1999 23:04:01 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id XAA95631; Sun, 20 Jun 1999 23:04:54 -0600 (MDT)
Message-Id: <199906210504.XAA95631@harmony.village.org>
To: Frank Tobin <ftobin@bigfoot.com>
Subject: Re: securelevel descr 
Cc: Kirill Nosov <slash@leontief.net>, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Fri, 18 Jun 1999 03:02:45 CDT."
		<Pine.BSF.4.10.9906180300090.55794-100000@srh0710.urh.uiuc.edu> 
References: <Pine.BSF.4.10.9906180300090.55794-100000@srh0710.urh.uiuc.edu>  
Date: Sun, 20 Jun 1999 23:04:54 -0600
From: Warner Losh <imp@harmony.village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <Pine.BSF.4.10.9906180300090.55794-100000@srh0710.urh.uiuc.edu> Frank Tobin writes:
: Well, the privileged ports concept is actually something that is a good
: thing, if you can guarantee that only the trusted application X is bound
: to that port, and not a trojaned version setup by an ordinary user.  This
: can be achieved by means of simmutable flags all over the place, and a
: securelevel that doesn't allow any service to open a secure port.

This is an orthgonal thing to securelevel.  Make it a sysctl that
allows anybody to bind to the secure ports when set to 0, root when 1
and nobody when 2 (although that would break rlogin/rsh, but I'll shed
no tears there).  Make this sysctl readonly at higher secure levels.
Make it default to 1.

You could then set it to 0 early in the boot process, start the
daemons, then raise it to 1 or 2 when you are done.

In another post I describe a very brief summary of the NetBSD
discussion on the topic...

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message