From owner-freebsd-questions Sun Nov 24 10:01:42 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA01891 for questions-outgoing; Sun, 24 Nov 1996 10:01:42 -0800 (PST)
Received: from access.kuwait.net (root@access.kuwait.net [194.54.234.234]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA01820 for ; Sun, 24 Nov 1996 10:01:10 -0800 (PST)
Received: from localhost(really [199.173.153.182]) by access.kuwait.net via sendmail with smtp (ident shadows using rfc1413) id for ; Sun, 24 Nov 1996 20:59:28 +0300 (GMT) (Smail-3.2 1996-Jul-4 #16 built 1996-Aug-3)
Date: Sun, 24 Nov 1996 21:01:54 +0200 (GMT)
From: Thamer Al-Herbish
X-Sender: shadows@localhost
To: questions@freebsd.org
Subject: Re: Keeping users from bind'ing to ports
In-Reply-To: <199611230016.SAA06854@main.gbdata.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 22 Nov 1996, Gary Clark II wrote:
> David Langford wrote:
> >
> > Is there a way of keeping some users from being able to run programs
> > that bind to ports over 1024? (i.e. to keep users from running servers)
> I don't know any way of doing this except maybe
> with IP firewall. Anyone else?

A while back I wrote a hack that basically ran netstat for all listening
ports, then did a reverse ident query to find out which users were running
what on what port. There's one problem there: you only know userX ran
something on port xxxx.

I really wouldn't do this; you have to realise there are programs at user
level that bind to a port. FTP comes to mind, where the client opens up an
additional port to get the data from. Of course, like I mentioned earlier:
userX running on port xxx, not a pid number there.

Look into pidentd and check their code for FreeBSD, how they query the
kernel for the open ports etc.

The best solution is to use an ip firewall, run all ftp/http/etc through a
proxy.
--
Thamer Al-Herbish
shadows@whitefang.com   shadows@kuwait.net
-=WhiteFang UNIX Software Development and Consultancy=-
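The netstat-plus-reverse-ident audit the reply describes, written out as an added Python example (my code, not the poster's hack and not pidentd's): it pulls the listening ports out of `netstat -an` output and, for each one, opens a probe connection and asks the local identd (RFC 1413) which user owns the server side. The `netstat` sample is constructed, and a running ident daemon on port 113 of the same host is assumed for the live lookup.

```python
import re
import socket

# RFC 1413 reply: "<server-port> , <client-port> : USERID : <opsys> : <user>"  or  "... : ERROR : <type>"
IDENT_RE = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*:\s*(USERID|ERROR)\s*:\s*(.*?)\s*$")

def parse_ident_reply(line):
    """Return ("USERID", username) or ("ERROR", error_type) for one identd reply line."""
    m = IDENT_RE.match(line)
    if not m:
        raise ValueError("malformed ident reply: %r" % line)
    status, rest = m.group(3), m.group(4)
    if status == "USERID":
        _opsys, _, user = rest.partition(":")  # "<opsys>[,<charset>] : <user-id>"
        return "USERID", user.strip()
    return "ERROR", rest.strip()

def listening_ports(netstat_text, min_port=1025):
    """(proto, local addr, port) for each TCP LISTEN socket in `netstat -an` output.
    BSD netstat puts the port after the last '.'; min_port keeps the unprivileged range."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[-1] == "LISTEN":
            addr, port = f[3].rsplit(".", 1)
            if int(port) >= min_port:
                found.append((f[0], addr, int(port)))
    return found

def who_listens(port, host="127.0.0.1", timeout=3.0):
    """Probe-connect to a local listener, then ask the local identd (assumed on port 113)
    which user owns the server side.  Ident names a user, never a pid, as the post notes."""
    with socket.create_connection((host, port), timeout=timeout) as probe:
        our_port = probe.getsockname()[1]
        with socket.create_connection((host, 113), timeout=timeout) as ident:
            ident.sendall(("%d , %d\r\n" % (port, our_port)).encode("ascii"))
            reply = ident.recv(512).decode("ascii", "replace")
    return parse_ident_reply(reply)

# Constructed sample of FreeBSD `netstat -an` output, not captured from a real host.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.25           *.*                    LISTEN
tcp4       0      0  *.8080                 *.*                    LISTEN
tcp4       0      0  10.0.0.5.22            10.0.0.9.51234         ESTABLISHED
"""
```

On current FreeBSD, `sockstat -l` reports the owning user, command and pid of every listening socket directly, which closes the user-but-no-pid gap the post points out; the FTP data-port caveat still applies to whatever you do with the list.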