Date: Thu, 2 Jul 1998 18:23:39 +0000 From: Niall Smart <rotel@indigo.ie> To: Poul-Henning Kamp <phk@critter.freebsd.dk>, rotel@indigo.ie Cc: "Allen Smith" <easmith@beatrice.rutgers.edu>, dg@root.com, security@FreeBSD.ORG, njs3@doc.ic.ac.uk, dima@best.net, abc@ralph.ml.org, tqbf@secnet.com Subject: Re: bsd securelevel patch question Message-ID: <199807021723.SAA00883@indigo.ie> In-Reply-To: Poul-Henning Kamp <phk@critter.freebsd.dk> "Re: bsd securelevel patch question" (Jul 2, 7:04pm)
next in thread | previous in thread | raw e-mail | index | archive | help
On Jul 2, 7:04pm, Poul-Henning Kamp wrote: } Subject: Re: bsd securelevel patch question > > > >Thats not true, if he hacks the user/group that the web server runs > >at then he only owns the web server, the only additional priviledge > >he gains is the ability to bind to port 80. > > which is worse that the standard: he cannot bind to any port < 1024. Well, this depends on how the server runs, if it binds to the port and then setuid()'s to a lower priviledge then this is true. There are clients out there that are purely setuid just so they can bind to a port < 1024 however, so it has valid uses. Niall -- Niall Smart. PGP: finger njs3@motmot.doc.ic.ac.uk FreeBSD: Turning PC's into Workstations: www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807021723.SAA00883>