Re: On what versions of FreeBSD can we unreserve ports?

On Sat, 27 May 2006 15:51:08 +0200
Ian G <iang@iang.org> wrote:

> On which versions of FreeBSD is it now possible to
> un-reserve ports?
> 
> ( I've been waiting for this since forever ... have
> spent countless days - $$$ - trying to install
> workarounds, only to junk them later.  I've even
> been paid a consulting gig to develop this, and
> declined to deploy it on my own servers :-/ )
> 
> iang
> 
> 
> 
> http://askslim.blogspot.com/2006/05/freebsd-61-disabling-reserverd-ports.html
> 
> Friday, May 26, 2006
> FreeBSD 6.1: Disabling Reserverd Ports
> 
> A common misfeature found on UN*X operating systems is the
> restriction that only root can bind to ports < 1024. Many a
> dollar has been wasted on workarounds and -often- the
> resulting security holes.
> 
> Fortunately on FreeBSD 6.1 (and probably older versions as
> well) you can disable this remnant of trust-by-convention.
> 
> 
> host$ sysctl net.inet.ip.portrange.reservedhigh=0
> 
> That simple. Add it to your /etc/sysctl.conf today!
> 
> posted by Slim @ 4:18 PM

That works on releng_5 as well. 

Since when is this common for just unix? I would have to double
check, but I am certain windows and nearly everything else does this
as well. Just on windows users run with what would normally be root
privileges.

It does server a useful purpose. It prevents any user from running
services on them.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"