Date:      Thu, 23 Jun 2005 01:18:32 +0200
From:      Kövesdán Gábor <gabor.kovesdan@t-hosting.hu>
To:        Marco Molteni <molter@tin.it>
Cc:        freebsd-net@freebsd.org, xtremejames183@msn.com
Subject:   Re: www user than root
Message-ID:  <42B9F1C8.7070702@t-hosting.hu>
In-Reply-To: <20050622180841.56be8f27.molter@tin.it>
References:  <BAY11-F12EF48C9216082BFB35A7B9CEB0@phx.gbl>	<20050622151406.GG791@empiric.icir.org> <20050622180841.56be8f27.molter@tin.it>

>
>
>I think that the following sysctls do the trick
>
>molter@gattaccio[~]$ sysctl net|grep reserv
>net.inet.ip.portrange.reservedhigh: 1023
>net.inet.ip.portrange.reservedlow: 0
>
>marco
>  
>
According to that, one could lower the reservedhigh value to 79, or 
increase the reservedlow to 81, but I don't think it would be secure enough.
The hack that Bruce mentioned would be secure, but not too impressive. 
I've seen the RBAC (Role-based access control) in Solaris 10 and it did 
it nicely. It would be nice to have such a feature in FreeBSD. Or even in 
TrustedBSD as an experimental project, and it might be merged later if 
it seems to be stable.

Cheers,

Gábor Kövesdán


