Date: Thu, 24 Jun 1999 10:57:44 -0300 (GMT)
From: Fernando Schapachnik <fpscha@via-net-works.net.ar>
To: netch@carrier.kiev.ua (Valentin Nechayev)
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: proposed secure-level 4 patch
Message-ID: <199906241357.KAA18059@ns1.sminter.com.ar>
In-Reply-To: <19990622222055.J2436@lucky.net> from Valentin Nechayev at "Jun 22, 99 10:20:55 pm"

In an earlier message, Valentin Nechayev wrote:
[...]
> -> Deny all except uid 65530 to bind ports 3128-3130 on bind() with
> specified port number. Deny all (uid 65530 also) to bind these ports
> implicitly (means: without explicit bind, as first free port number).
> One can ask "why"? Because squid can die, and I don't want situation when
> a bad user catches one of these ports and prevents squid from restarting.
> -> Allow port 25 to be bound by uid 25 (postfix or sendmail, as you wish).
> -> Deny implicit binding to ports 6000-6099 for any (but allow explicit
> binding, for any user which wants simulate Xserver).
> -> Deny all explicit and implicit binding for all to 31337 port, to avoid
> fake BO detections.
> And so on...
>
> I have made such implementation, but with ipfw-styled interface. If someone

Are these committed?

Fernando P. Schapachnik
Network Administration
VIA Net Works Argentina SA
Diagonal Roque Sáenz Peña 971, 4º y 5º piso.
1035 - Capital Federal, Argentina.
(54-11) 4323-3333
http://www.via-net-works.net.ar

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
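
The bind policy quoted in the message above, modelled as a first-match rule table in user-space C. This is an added example, not the implementation mentioned in the thread: the type and function names, the first-match ordering, and the fallback to the stock "ports below 1024 need uid 0" check for unmatched binds are assumptions.

```c
#include <stdio.h>

/* Hypothetical model: none of these names come from the patch in the thread. */
enum bind_kind { BIND_EXPLICIT = 1, BIND_IMPLICIT = 2 };
enum verdict { DENY = 0, ALLOW = 1 };
#define ANY_UID (-1L)
#define BOTH (BIND_EXPLICIT | BIND_IMPLICIT)

struct bind_rule {
    enum verdict action;
    unsigned short lo, hi;  /* inclusive port range */
    long uid;               /* ANY_UID matches every uid */
    int kinds;              /* bitmask of enum bind_kind */
};

/* The rules listed in the quoted message; first match wins (assumed). */
static const struct bind_rule rules[] = {
    { ALLOW, 3128,  3130,  65530,   BIND_EXPLICIT }, /* squid uid, explicit only */
    { DENY,  3128,  3130,  ANY_UID, BOTH },          /* everyone else, any kind */
    { ALLOW, 25,    25,    25,      BIND_EXPLICIT }, /* mailer uid on port 25 */
    { DENY,  6000,  6099,  ANY_UID, BIND_IMPLICIT }, /* keep X ports out of auto-pick */
    { DENY,  31337, 31337, ANY_UID, BOTH },          /* nobody, not even uid 0 */
};

/* Decide whether uid may bind port, explicitly or via kernel auto-selection. */
int bind_allowed(long uid, unsigned short port, enum bind_kind kind)
{
    for (size_t i = 0; i < sizeof(rules) / sizeof(rules[0]); i++) {
        const struct bind_rule *r = &rules[i];
        if (port < r->lo || port > r->hi || !(r->kinds & kind))
            continue;
        if (r->uid != ANY_UID && r->uid != uid)
            continue;
        return r->action;
    }
    /* No rule matched: assumed stock behaviour, low ports need uid 0. */
    return (port >= 1024 || uid == 0) ? ALLOW : DENY;
}

/* First port in [lo, hi] the policy permits for an implicit bind, 0 if none. */
unsigned short pick_implicit_port(long uid, unsigned short lo, unsigned short hi)
{
    for (unsigned int p = lo; p <= hi; p++)
        if (bind_allowed(uid, (unsigned short)p, BIND_IMPLICIT))
            return (unsigned short)p;
    return 0;
}

int main(void)
{
    printf("uid 1001 explicit bind to 3128: %d\n", bind_allowed(1001, 3128, BIND_EXPLICIT));
    return 0;
}
```

The model ignores whether a port is already in use; it only shows which binds the policy would permit.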