Date: Tue, 19 Nov 1996 19:11:50 -0700 (MST)
From: Marc Slemko <marcs@znep.com>
To: Mikael Karpberg <karpen@ocean.campus.luth.se>
Cc: phk@critter.tfs.com, freebsd-security@FreeBSD.ORG
Subject: binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).)
Message-ID: <Pine.BSF.3.95.961119185458.6339B-100000@alive.ampr.ab.ca>
In-Reply-To: <199611200138.CAA23822@ocean.campus.luth.se>
On Wed, 20 Nov 1996, Mikael Karpberg wrote:

> According to Marc Slemko:
> > The biggest problem I see to implementing such a thing is that I can't see
> > a pretty way to make it fit into the sysctl mold without having 1024
> > lines, one for each port < 1024. Anyone have any ideas on how to do that
> > nicely or if 1024 lines is ok?
>
> I think it's acceptable with 1024 lines. Really... If all ports default
> to root only, how many lines would you have? Do you use all ports < 1024?
> And many of those things run under inetd, which has to run as root
> anyway. You will probably never use more than a few lines.

The problem is that the output of a sysctl -a will be very bloated. If you
could make the variable only appear when changed from the default it would
be a different matter, but I don't think that is practical.

The way current sysctl variables are done, it also means several thousand
more lines of source, since each option needs a separate define, etc. It
would also add somewhere between 2k and 40k to the compiled kernel if
implemented the dumb way; I think that is a significant amount for
something with such limited use. It could easily be hidden behind an
ifdef I guess.

Oh, and one other thing I missed is that it should be under net.inet.ip
(perhaps; it doesn't quite fit in at that level though) and not tcp
because it applies to both tcp and udp.

> > > On Mon, 18 Nov 1996, Poul-Henning Kamp wrote:
> [...]
> > > sysctl -w net.inet.tcp.uidforport.25=`id -ur smtp`
> > > sysctl -w net.inet.tcp.uidforport.20=`id -ur ftp`
> > > sysctl -w net.inet.tcp.uidforport.21=`id -ur ftp`
> > > sysctl -w net.inet.tcp.uidforport.119=`id -ur nntp`
> [...]
>
> Just my $0.02
> /Mikael
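To make the design being argued over concrete, here is an added illustration (not FreeBSD code and not anything from the thread) of a per-port uid table of the kind the uidforport sysctl implies: a 1024-entry array whose default means "root only", a bind-time check against it, a parser for names of the form net.inet.ip.uidforport.<port> (the placement Marc suggests; the prefix string is an assumption), and a listing that prints only entries changed from the default, which is the "only appear when changed" variant he mentions.

```c
/* Hypothetical per-port bind policy, modelled on the uidforport sysctl
 * discussed above. Illustration only; not the FreeBSD kernel's code. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define PRIV_PORTS 1024             /* ports below this need privilege */
#define UID_ROOT_ONLY ((uid_t)-1)   /* default entry: only root may bind */

static uid_t uidforport[PRIV_PORTS]; /* 1024 entries: 4 KiB with a 32-bit uid_t */

/* Reset every privileged port to the traditional root-only rule. */
void uidforport_init(void)
{
    for (int p = 0; p < PRIV_PORTS; p++)
        uidforport[p] = UID_ROOT_ONLY;
}

/* Parse "net.inet.ip.uidforport.<port>" (assumed name) and record the uid
 * allowed to bind that port. Returns 0 on success, -1 for a malformed name
 * or a port outside the privileged range. */
int uidforport_set(const char *name, uid_t uid)
{
    static const char prefix[] = "net.inet.ip.uidforport.";
    const char *num = name + sizeof prefix - 1;
    char *end;
    if (strncmp(name, prefix, sizeof prefix - 1) != 0)
        return -1;
    errno = 0;
    unsigned long port = strtoul(num, &end, 10);
    if (errno != 0 || end == num || *end != '\0' || port >= PRIV_PORTS)
        return -1;
    uidforport[port] = uid;
    return 0;
}

/* The bind(2)-time check. The sentinel is compared explicitly so a caller
 * whose uid happens to equal (uid_t)-1 cannot match every default entry. */
int may_bind(uid_t uid, unsigned port)
{
    if (port >= PRIV_PORTS || uid == 0)
        return 1;
    return uidforport[port] != UID_ROOT_ONLY && uidforport[port] == uid;
}

/* sysctl -a style listing that shows only non-default entries; returns
 * the number of lines written, so a default table prints nothing. */
int uidforport_list(FILE *out)
{
    int n = 0;
    for (unsigned p = 0; p < PRIV_PORTS; p++) {
        if (uidforport[p] == UID_ROOT_ONLY)
            continue;
        fprintf(out, "net.inet.ip.uidforport.%u: %lu\n", p, (unsigned long)uidforport[p]);
        n++;
    }
    return n;
}
```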
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.961119185458.6339B-100000>