Date: Sun, 22 Sep 2002 21:46:13 -0700 (PDT) From: Julian Elischer <julian@elischer.org> To: Juli Mallett <jmallett@FreeBSD.org> Cc: Paul Schenkeveld <fb-hackers@psconsult.nl>, FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: Just a wild idea Message-ID: <Pine.BSF.4.21.0209222144400.32087-100000@InterJet.elischer.org> In-Reply-To: <20020922213311.A99425@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 22 Sep 2002, Juli Mallett wrote: > * De: Paul Schenkeveld <fb-hackers@psconsult.nl> [ Data: 2002-09-22 ] > [ Subjecte: Just a wild idea ] > > Hi All, > > > > I've been playing with jails for over 2 years now. I really like > > them but we often use them to run a process as root with reduced > > power only to get access to TCP and UDP ports below 1024. > > > > For many applications however, for example lpd, named, sendmail, > > tac_plus and others, it would be more than good enough to run that > > program as a normal, non-root user provided there is a way to bind > > to that single low TCP and/or UDP port that the program needs access > > to. better to have a definition of what are restricted ports for each jail than to redefine what root is.... (1024 numbers is only 32 words of bitmask) (just my opinion) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0209222144400.32087-100000>