Date: Mon, 10 Jul 2006 16:17:30 +0200
From: "Simon L. Nielsen" <simon@FreeBSD.org>
To: Iang <iang@iang.org>
Cc: freebsd-security@freebsd.org, Mikhail Teterin <mi+mx@aldan.algebra.com>, net@freebsd.org, imp@freebsd.org, Brian Candler <B.Candler@pobox.com>
Subject: Re: strange limitation on rcmd()
Message-ID: <20060710141729.GF1101@zaphod.nitro.dk>
In-Reply-To: <44B25F0A.5040709@iang.org>
References: <200607072030.01999.mi%2Bmx@aldan.algebra.com> <20060708213932.GA41178@uk.tiscali.com> <44B25F0A.5040709@iang.org>

On 2006.07.10 16:07:06 +0200, Iang wrote:
> Brian Candler wrote:
>
> >Note that only root can bind to reserved ports.
>
> ...
>
> >This mechanism is only valid for trusted hosts, of course. If you allow a
> >random person to put their own PC on the network, they can of course send
> >packets from privileged ports (either by installing Unix with their own
> >root password, or by installing DOS and sending packets which come from
> >privileged ports)
>
> I gather that it is now possible to disable the
> privileged ports thing on FreeBSD at least.
>
> (Thank heavens, I say :)

Actually it is, but it would obviously be a stupid idea to do so any
place where privileged ports are required...

[simon@zaphod:~] sysctl net.inet.ip.portrange.reservedhigh net.inet.ip.portrange.reservedlow
net.inet.ip.portrange.reservedhigh: 1023
net.inet.ip.portrange.reservedlow: 0

-- 
Simon L. Nielsen