On what versions of FreeBSD can we unreserve ports?
Z.C.B.
vvelox at vvelox.net
Sat May 27 08:24:38 PDT 2006
On Sat, 27 May 2006 15:51:08 +0200
Ian G <iang at iang.org> wrote:
> On which versions of FreeBSD is it now possible to
> un-reserve ports?
>
> ( I've been waiting for this since forever ... have
> spent countless days - $$$ - trying to install
> workarounds, only to junk them later. I've even
> been paid a consulting gig to develop this, and
> declined to deploy it on my own servers :-/ )
>
> iang
>
>
>
> http://askslim.blogspot.com/2006/05/freebsd-61-disabling-reserverd-ports.html
>
> Friday, May 26, 2006
> FreeBSD 6.1: Disabling Reserverd Ports
>
> A common misfeature found on UN*X operating systems is the
> restriction that only root can bind to ports < 1024. Many a
> dollar has been wasted on workarounds and -often- the
> resulting security holes.
>
> Fortunately on FreeBSD 6.1 (and probably older versions as
> well) you can disable this remnant of trust-by-convention.
>
>
> host$ sysctl net.inet.ip.portrange.reservedhigh=0
>
> That simple. Add it to your /etc/sysctl.conf today!
>
> posted by Slim @ 4:18 PM
That works on releng_5 as well.

Since when is this common for just Unix? I would have to double
check, but I am certain Windows and nearly everything else does this
as well. Just on Windows, users run with what would normally be root
privileges.

It does serve a useful purpose. It prevents any user from running
services on them.
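
Added example, not part of the original message or the quoted blog post: a small audit script that reads a sysctl.conf-style file and reports which well-known ports an unprivileged user could bind once the setting above is applied. The function names reserved_range and port_status are hypothetical; the companion sysctl net.inet.ip.portrange.reservedlow and the defaults 0 and 1023 come from FreeBSD's ip(4), not from this thread.

```sh
#!/bin/sh
# Added example. On FreeBSD, binding a port in [reservedlow, reservedhigh]
# requires root; the defaults are 0 and 1023.

# reserved_range FILE: print "LOW HIGH" as a sysctl.conf-style FILE leaves them.
reserved_range() {
    awk -F= '
        BEGIN { low = 0; high = 1023 }        # FreeBSD defaults
        { sub(/#.*/, "") }                    # strip comments
        NF < 2 { next }                       # not an assignment
        {
            key = $1; val = $2
            gsub(/[ \t"]/, "", key); gsub(/[ \t"]/, "", val)
            if (val !~ /^[0-9]+$/) next       # skip malformed values
            if (key == "net.inet.ip.portrange.reservedlow")  low  = val + 0
            if (key == "net.inet.ip.portrange.reservedhigh") high = val + 0
        }
        END { print low, high }               # last assignment wins
    ' "$1"
}

# port_status FILE PORT: print "root-only" or "unprivileged".
port_status() {
    ps_range=$(reserved_range "$1")
    ps_low=${ps_range% *}; ps_high=${ps_range#* }
    if [ "$2" -ge "$ps_low" ] && [ "$2" -le "$ps_high" ]; then
        echo root-only
    else
        echo unprivileged
    fi
}

# Constructed sample: the setting from the quoted post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/sysctl.conf (constructed sample)
net.inet.ip.portrange.reservedhigh=0   # un-reserve ports 1-1023
EOF
for port in 22 25 80 443; do
    echo "port $port: $(port_status "$sample" "$port")"
done
rm -f "$sample"
```

Point it at a copy of a host's /etc/sysctl.conf to see whether ports such as 22 or 25 are still limited to root.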
More information about the freebsd-security
mailing list