strange limitation on rcmd()
Simon L. Nielsen
simon at FreeBSD.org
Mon Jul 10 14:17:33 UTC 2006
On 2006.07.10 16:07:06 +0200, Iang wrote:
> Brian Candler wrote:
>
> >Note that only root can bind to reserved ports.
>
> ...
>
> >This mechanism is only valid for trusted hosts, of course. If you allow a
> >random person to put their own PC on the network, they can of course send
> >packets from privileged ports (either by installing Unix with their own
> >root
> >password, or by installing DOS and sending packets which come from
> >privileged ports)
>
> I gather that it is now possible to disable the
> privileged ports thing on FreeBSD at least.
>
> (Thank heavens, I say :)
Actually it is, but it would obviously be a stupid idea to do so any
place where privileged ports are required...
[simon at zaphod:~] sysctl net.inet.ip.portrange.reservedhigh net.inet.ip.portrange.reservedlow
net.inet.ip.portrange.reservedhigh: 1023
net.inet.ip.portrange.reservedlow: 0
--
Simon L. Nielsen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20060710/a1820e4b/attachment.pgp
More information about the freebsd-net
mailing list