On which versions of FreeBSD is it now possible to
un-reserve ports?

( I've been waiting for this since forever ... have
spent countless days - $$$ - trying to install
workarounds, only to junk them later. I've even
been paid a consulting gig to develop this, and
declined to deploy it on my own servers :-/ )

iang

http://askslim.blogspot.com/2006/05/freebsd-61-disabling-reserverd-ports.html

Friday, May 26, 2006
FreeBSD 6.1: Disabling Reserved Ports

A common misfeature found on UN*X operating systems is the
restriction that only root can bind to ports < 1024. Many a
dollar has been wasted on workarounds and -often- the
resulting security holes.

Fortunately on FreeBSD 6.1 (and probably older versions as
well) you can disable this remnant of trust-by-convention.

host$ sysctl net.inet.ip.portrange.reservedhigh=0

That simple. Add it to your /etc/sysctl.conf today!

posted by Slim @ 4:18 PM
Patrick Proniewski
2006-May-27 14:24 UTC
On what versions of FreeBSD can we unreserve ports?
On 27 May 2006, at 15:51, Ian G wrote:

> On which versions of FreeBSD is it now possible to
> un-reserve ports?

> host$ sysctl net.inet.ip.portrange.reservedhigh=0

According to the FreeBSD web site, it first came with 5.1R (http://www.freebsd.org/releases/5.1R/relnotes-i386.html).

By the way, you might want to take a look at the MAC implementation, and especially:

http://www.freebsd.org/cgi/man.cgi?query=mac_portacl&sektion=4
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html

patpro
On Sat, 27 May 2006 15:51:08 +0200 Ian G <iang@iang.org> wrote:

> On which versions of FreeBSD is it now possible to
> un-reserve ports?
>
> ( I've been waiting for this since forever ... have
> spent countless days - $$$ - trying to install
> workarounds, only to junk them later. I've even
> been paid a consulting gig to develop this, and
> declined to deploy it on my own servers :-/ )
>
> iang
>
> http://askslim.blogspot.com/2006/05/freebsd-61-disabling-reserverd-ports.html
>
> Friday, May 26, 2006
> FreeBSD 6.1: Disabling Reserved Ports
>
> A common misfeature found on UN*X operating systems is the
> restriction that only root can bind to ports < 1024. Many a
> dollar has been wasted on workarounds and -often- the
> resulting security holes.
>
> Fortunately on FreeBSD 6.1 (and probably older versions as
> well) you can disable this remnant of trust-by-convention.
>
> host$ sysctl net.inet.ip.portrange.reservedhigh=0
>
> That simple. Add it to your /etc/sysctl.conf today!
>
> posted by Slim @ 4:18 PM

That works on releng_5 as well.

Since when is this common for just unix? I would have to double check, but I am certain Windows and nearly everything else does this as well. Just on Windows, users run with what would normally be root privileges.

It does serve a useful purpose. It prevents any user from running services on them.
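
Added example, not part of the thread or of FreeBSD: a simplified shell model of the bind decision, contrasting `reservedhigh=0` on its own with the mac_portacl policy linked above. It assumes the documented defaults reservedlow=0, port_high=1023 and suser_exempt=1; the function names, uid/gid values and rule strings are constructed for illustration.

```shell
#!/bin/sh
# Simplified model of the FreeBSD low-port bind decision (added example).
# Nothing is read from the kernel; the three settings are plain variables:
#   RESERVEDHIGH  net.inet.ip.portrange.reservedhigh (default 1023)
#   PORTACL       1 if mac_portacl is loaded and enabled, otherwise 0
#   RULES         security.mac.portacl.rules, "idtype:id:protocol:port,..."
# Assumed defaults: reservedlow=0, port_high=1023, suser_exempt=1.
RESERVEDHIGH=1023 PORTACL=0 RULES=""

# can_bind UID GID PROTO PORT  ->  prints "allow" or "deny"
can_bind() {
    uid=$1 gid=$2 proto=$3 port=$4
    # root passes both checks in this model
    if [ "$uid" -eq 0 ]; then echo allow; return; fi
    # classic rule: non-root may not bind inside the reserved range
    if [ "$port" -le "$RESERVEDHIGH" ]; then echo deny; return; fi
    # above port_high, or no MAC policy loaded: nothing else restricts the bind
    if [ "$port" -gt 1023 ] || [ "$PORTACL" -eq 0 ]; then echo allow; return; fi
    # mac_portacl: deny unless a rule names this uid or gid, protocol and port
    case ",$RULES," in
        *",uid:$uid:$proto:$port,"* | *",gid:$gid:$proto:$port,"*) echo allow ;;
        *) echo deny ;;
    esac
}

# Constructed scenario: uid 1001 is an ordinary user, uid 80 a web server account.
report() { printf '%-30s uid1001->tcp/80=%s  uid80->tcp/80=%s\n' "$1" \
    "$(can_bind 1001 1001 tcp 80)" "$(can_bind 80 80 tcp 80)"; }

report "default (reservedhigh=1023)"
RESERVEDHIGH=0
report "reservedhigh=0 only"
PORTACL=1 RULES="uid:80:tcp:80,uid:80:tcp:443"
report "reservedhigh=0 + mac_portacl"
```

With only the sysctl changed, every local account gets "allow" for tcp/80; with the rule list in place, only the named uid does.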