strange limitation on rcmd()

Simon L. Nielsen simon at FreeBSD.org
Mon Jul 10 14:17:33 UTC 2006


On 2006.07.10 16:07:06 +0200, Iang wrote:
> Brian Candler wrote:
> 
> >Note that only root can bind to reserved ports.
> 
> ...
> 
> >This mechanism is only valid for trusted hosts, of course. If you allow a
> >random person to put their own PC on the network, they can of course send
> >packets from privileged ports (either by installing Unix with their own root
> >password, or by installing DOS and sending packets which come from
> >privileged ports)
> 
> I gather that it is now possible to disable the
> privileged ports thing on FreeBSD at least.
> 
> (Thank heavens, I say :)

Actually it is, but it would obviously be a stupid idea to do so any
place where privileged ports are required...

[simon at zaphod:~] sysctl net.inet.ip.portrange.reservedhigh net.inet.ip.portrange.reservedlow
net.inet.ip.portrange.reservedhigh: 1023
net.inet.ip.portrange.reservedlow: 0

-- 
Simon L. Nielsen
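
An added example, not part of the original message: a shell check that reads the two sysctl values shown above and reports whether the source-port range that rcmd()-style services trust still requires root to bind. The 512-1023 range, the function names and the second sample are assumptions made for this illustration.

```shell
#!/bin/sh
# Assumption: rcmd()-style servers trust peers whose source port lies in
# 512-1023 (IPPORT_RESERVED/2 up to IPPORT_RESERVED-1).
RCMD_LOW=512
RCMD_HIGH=1023

# First sample is the output quoted in the message; the second is
# constructed to show a lowered upper bound.
SAMPLE_DEFAULT='net.inet.ip.portrange.reservedhigh: 1023
net.inet.ip.portrange.reservedlow: 0'
SAMPLE_LOWERED='net.inet.ip.portrange.reservedhigh: 0
net.inet.ip.portrange.reservedlow: 0'

# Read "name: value" lines on stdin and print the value for the name in $1.
# Exit status is 1 when the name is absent.
sysctl_value() {
    awk -F': *' -v key="$1" '$1 == key { print $2; found = 1 }
        END { exit !found }'
}

# check_reserved "<sysctl output>"
# Returns 0 if every port in the rcmd range needs root to bind,
#         1 if some or all of that range is open to unprivileged users,
#         2 if the input could not be parsed.
check_reserved() {
    low=$(printf '%s\n' "$1" | sysctl_value net.inet.ip.portrange.reservedlow) ||
        { echo "error: reservedlow not found"; return 2; }
    high=$(printf '%s\n' "$1" | sysctl_value net.inet.ip.portrange.reservedhigh) ||
        { echo "error: reservedhigh not found"; return 2; }
    for v in "$low" "$high"; do
        case "$v" in
            ''|*[!0-9]*) echo "error: non-numeric value '$v'"; return 2 ;;
        esac
    done
    if [ "$low" -le "$RCMD_LOW" ] && [ "$high" -ge "$RCMD_HIGH" ]; then
        echo "ok: ports $RCMD_LOW-$RCMD_HIGH are inside reserved range $low-$high"
        return 0
    fi
    echo "weak: reserved range $low-$high does not cover $RCMD_LOW-$RCMD_HIGH"
    return 1
}

# Demo over the embedded samples. On a live host, pass the real output:
#   check_reserved "$(sysctl net.inet.ip.portrange.reservedhigh net.inet.ip.portrange.reservedlow)"
for s in "$SAMPLE_DEFAULT" "$SAMPLE_LOWERED"; do
    check_reserved "$s" || true
done
```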


More information about the freebsd-security mailing list