Date:      Mon, 7 Jul 1997 13:59:08 -0400 (EDT)
From:      Brian Mitchell <brian@firehouse.net>
To:        Robert N Watson <rnw@andrew.cmu.edu>
Cc:        "Jonathan M. Bresler" <jmb@FreeBSD.ORG>, freebsd-security@FreeBSD.ORG
Subject:   Re: Security Model/Target for FreeBSD or 4.4?
Message-ID:  <Pine.BSI.3.95.970707135535.16314A-100000@shell.firehouse.net>
In-Reply-To: <Pine.SUN.3.93l.970707130204.13617D-100000@apriori.cc.cmu.edu>

On Mon, 7 Jul 1997, Robert N Watson wrote:

> 
> I've heard that OpenBSD now has a feature to allow non-root users to bind
> to <1024 ports.  It would be nice to see something similar to that under
> FreeBSD -- half the daemons (not a verified figure) that run as root
> probably don't need root access, except to bind to the port (named,
> sendmail, web servers, etc.)  I believe the OpenBSD implementation just
> gives this access to the daemon user (or something to that extent?  Would
> love details), but perhaps we could go for something a little more
> sophisticated if it doesn't up the overhead too much on the kernel?  A
> limited list of (port, user) (say a max of 64, except as configured in the
> kernel), and if the bind() call matches this for TCP, allow the program to
> bind, for example.  An appropriate root-owned file (/etc/rc.conf?) could
> define those permissions in an ipfirewall-style setup, running early in
> the rc sequence.
> 
> This would potentially open up more holes as extra configuration files
> have to be monitored, and add more overhead on bind() calls, not to
> mention adding a configuration mechanism, but not suffering from the
> numerous problems involving daemons running as root (without having to
> rewrite all the daemons) would be nice.  Even the single-user
> unconfigurable approach (root and daemon can bind) would be better than
> nothing.

I kinda doubt OpenBSD has such a facility, but I don't know. I'll have to
look into that when I get home :). I implemented such a feature for port
20 binds via a sysctl

net.inet.ip.ftpbinduid: 0

Theo thought the idea for it was ... less than good, and said he did not
like the whole idea of nonroot users being able to bind privileged ports.


Brian Mitchell                           brian@firehouse.net
"BSD code sucks. Of course, everything else sucks far more."
- Theo de Raadt
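
The (port, user) table proposed in the quoted text, sketched in user-space C as an added example; it is not part of the original message and is not FreeBSD or OpenBSD code. The rule syntax `tcp <port> <uid>`, the function names and the sample rules are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_BIND_RULES  64    /* the "max of 64" from the proposal */
#define PRIV_PORT_LIMIT 1024  /* ports below this are privileged */

struct bind_rule { unsigned int port, uid; };
static struct bind_rule rules[MAX_BIND_RULES];
static int nrules;

/* Parse one rule line "tcp <port> <uid>" (hypothetical syntax). 0 = added. */
int add_rule(const char *line)
{
    char proto[8], extra;
    unsigned int port, uid;

    if (nrules >= MAX_BIND_RULES)
        return -1;                      /* table full: refuse, never overwrite */
    if (sscanf(line, "%7s %u %u %c", proto, &port, &uid, &extra) != 3)
        return -1;                      /* missing field or trailing garbage */
    if (strcmp(proto, "tcp") != 0)
        return -1;                      /* the proposal covers TCP only */
    if (port == 0 || port >= PRIV_PORT_LIMIT)
        return -1;                      /* only privileged ports need a rule */
    rules[nrules].port = port;
    rules[nrules].uid = uid;
    nrules++;
    return 0;
}

/* Decision the bind() path would make: 1 = allow, 0 = deny. */
int bind_allowed(unsigned int uid, unsigned int port)
{
    if (uid == 0 || port == 0 || port >= PRIV_PORT_LIMIT)
        return 1;       /* root, ephemeral (port 0) and high ports: unchanged */
    for (int i = 0; i < nrules; i++)
        if (rules[i].port == port && rules[i].uid == uid)
            return 1;
    return 0;           /* default deny for every other privileged bind */
}

int main(void)
{
    add_rule("tcp 53 53");              /* constructed sample rules */
    add_rule("tcp 80 80");
    printf("uid 80 -> port 80: %d\n", bind_allowed(80, 80));
    printf("uid 80 -> port 53: %d\n", bind_allowed(80, 53));
    return 0;
}
```

A rule only grants its own (port, uid) pair, so a compromised daemon running as uid 80 still cannot bind port 53; the rule source itself has to be root-owned, as the quoted text notes.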