Date: Tue, 7 Jan 1997 20:45:17 -0700 (MST)
From: Brandon Gillespie <brandon@cold.org>
To: freebsd-hackers@freebsd.org
Subject: Selective Port Control (was Re: sendmail running non-root SUCCESS!)
Message-ID: <Pine.NEB.3.95.970107203638.26679C-100000@cold.org>
In-Reply-To: <Pine.BSF.3.95.970107204204.1023A-100000@fools.ecpnet.com>

On Tue, 7 Jan 1997, Jimbo Bahooli wrote:

> 6. edit /etc/sendmail.cf to bind to a port above the 1024 line. example:
>
> O DaemonPortOptions=Port=2025
>
> 7. edit /etc/inetd.conf to redirect to port 2025 using netcat. example:

I'm not sure how feasible it is, but one thing that would make securing
some network services EXTREMELY easier would be to be able to dynamically
configure port permissions, rather than to globally restrict them to
'root'. Perhaps something like /etc/port.access which is formatted as the
'port' (either an integer or service name) followed by some sort of access
specifier, such as the common group.user, examples:

    smtp    daemon.mail
    nntp    newsman.news
    480     special.group
    http    webman.www

etc..

Just a thought, but it'd not only help in securing things from running as
root but it'd make it a lot easier to customize daemons privately, among
many others. The security factor alone would seem to be a win. Off the
bat I would think most services would run as other users if this were
available..

-Brandon Gillespie
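
An added illustration, not part of the original message and not FreeBSD code: a parser for the proposed /etc/port.access format and the bind decision it would drive. The function names, the inline service table, the fail-closed default and the rule that both the user and the group must match are assumptions; the specifier is read as group.user, as the message words it.

```python
import re

# Constructed stand-in for /etc/services so the example runs offline.
SERVICES = {"smtp": 25, "nntp": 119, "http": 80}

# Constructed sample file, using the entries given in the message.
SAMPLE = """\
# port   group.user
smtp     daemon.mail
nntp     newsman.news
480      special.group
http     webman.www
"""

def parse_port_access(text, services=SERVICES):
    """Return {port: (group, user)}; reject malformed or ambiguous lines."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'port group.user'")
        port_s, spec = fields
        port = int(port_s) if port_s.isdigit() else services.get(port_s)
        # Only reserved ports need an entry; anything else is a config error.
        if port is None or not 0 < port < 1024:
            raise ValueError(f"line {lineno}: unknown or unreserved port {port_s!r}")
        m = re.fullmatch(r"([A-Za-z_][\w-]*)\.([A-Za-z_][\w-]*)", spec)
        if not m:
            raise ValueError(f"line {lineno}: bad access specifier {spec!r}")
        if port in table:                        # two owners for one port
            raise ValueError(f"line {lineno}: duplicate entry for port {port}")
        table[port] = (m.group(1), m.group(2))
    return table

def may_bind(table, port, user, groups, is_root=False):
    """Assumed policy: ports >= 1024 stay open, root keeps access, and a
    reserved port needs an entry matching the caller's user and a group."""
    if port >= 1024 or is_root:
        return True
    entry = table.get(port)                      # no entry: root only
    return entry is not None and entry[1] == user and entry[0] in groups
```

With such a table the sendmail case from the quoted steps needs no netcat redirect: a process running as user mail in group daemon passes the check for port 25, while the same process asking for port 23 is refused.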