Re: www user than root
From: Kövesdán Gábor (gabor.kovesdan_at_t-hosting.hu)
Date: 06/23/05
- Previous message: Jeremie Le Hen: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- In reply to: Marco Molteni: "Re: www user than root"
- Next in thread: Maxim Konovalov: "Re: www user than root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 23 Jun 2005 01:18:32 +0200 To: Marco Molteni <molter@tin.it>
>
>
>I think that the following sysctls do the trick
>
>molter@gattaccio[~]$ sysctl net|grep reserv
>net.inet.ip.portrange.reservedhigh: 1023
>net.inet.ip.portrange.reservedlow: 0
>
>marco
>
>
According to that, one could lower the reservedhigh value to 79, or
increase the reservedlow to 81, but I don't think it would be secure enough.
The hack that Bruce mentioned would be secure, but not too impressive.
I've seen the RBAC (Role-based access control) in Solaris 10 and it did
it nicely. It would be nice to have such feature in FreeBSD. Or even in
TrustedBSD as an experimental project, and it might be merged later if
it seems to be stable.
Cheers,
Gábor Kövesdán
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Jeremie Le Hen: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- In reply to: Marco Molteni: "Re: www user than root"
- Next in thread: Maxim Konovalov: "Re: www user than root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
