www user than root
Kövesdán Gábor
gabor.kovesdan at t-hosting.hu
Wed Jun 22 23:18:37 GMT 2005
>
>
>I think that the following sysctls do the trick
>
>molter at gattaccio[~]$ sysctl net|grep reserv
>net.inet.ip.portrange.reservedhigh: 1023
>net.inet.ip.portrange.reservedlow: 0
>
>marco
>
>
According to that, one could lower the reservedhigh value to 79, or
increase the reservedlow to 81, but I don't think it would be secure enough.
The hack that Bruce mentioned would be secure, but not too impressive.
I've seen the RBAC (Role-based access control) in Solaris 10 and it did
it nicely. It would be nice to have such feature in FreeBSD. Or even in
TrustedBSD as an experimental project, and it might be merged later if
it seems to be stable.
Cheers,
Gábor Kövesdán
More information about the freebsd-net
mailing list