Date:      Fri, 21 Feb 2003 11:56:07 -0800
From:      "David O'Brien" <obrien@FreeBSD.org>
To:        Garance A Drosihn <drosih@rpi.edu>
Cc:        "Crist J. Clark" <cjc@FreeBSD.org>, src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/netinet in_pcb.c (priv ports)
Message-ID:  <20030221195607.GD92798@dragon.nuxi.com>
In-Reply-To: <p05200f0dba7b6c5f4cb2@[128.113.24.47]>
References:  <200302210528.h1L5SS0H092948@repoman.freebsd.org> <p05200f0dba7b6c5f4cb2@[128.113.24.47]>

On Fri, Feb 21, 2003 at 12:54:04AM -0500, Garance A Drosihn wrote:
> >    net.inet.ip.portrange.reservedhigh  default = IPPORT_RESERVED - 1
> >    net.inet.ip.portrange.reservedlo    default = 0
> >
> >  Now you can run that webserver without ever needing root at all. Or
> >  just imagine, an ftpd that can really drop privileges, rather than
> >  just set the euid, and still do PORT data transfers from 20/tcp.
> 
> While this can be useful, it would be nice if there was also an
> exception-mechanism, instead of just a "lo" and "high" value.
> If I want to run a web server without needing root, then I'd like
> to allow port 80, and not an entire range of 0-80 or 80-1024.

You also need to change daemons -- openssh's sshd checks to see if it is
being run by root, rather than just let the OS do it.
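
The daemon-side change this reply points at, as an added example that is not part of the original message and is not FreeBSD or OpenSSH code: `port_is_reserved` models the range check the two quoted sysctls imply (inclusive bounds are an assumption), and `try_bind` is a hypothetical helper that skips any uid pre-check and reports the kernel's own verdict from `bind()`.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Model of the check implied by reservedlo/reservedhigh (assumption:
 * both bounds inclusive). Returns 1 if binding `port` needs privilege. */
int port_is_reserved(unsigned port, int reservedlo, int reservedhigh)
{
    return (int)port >= reservedlo && (int)port <= reservedhigh;
}

/* Hypothetical daemon helper: no "am I root?" test up front. Ask the
 * kernel to bind and return 0 on success, or the errno it reported
 * (EACCES when the port is reserved and the process lacks privilege). */
int try_bind(unsigned short port, int *fd_out)
{
    struct sockaddr_in sin;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return errno;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        int err = errno;    /* save before close() can overwrite it */
        close(fd);
        return err;
    }
    *fd_out = fd;
    return 0;
}

int main(void)
{
    int fd, err = try_bind(80, &fd);

    if (err != 0) {
        fprintf(stderr, "bind to port 80 refused: %s\n", strerror(err));
        return 1;
    }
    printf("bound port 80 as uid %d\n", (int)getuid());
    close(fd);
    return 0;
}
```

With the model, lowering `reservedhigh` to 79 frees port 80 but also every port from 81 through 1023, which is the coarseness the quoted reply objects to.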
