search for: reservedhigh

...restriction that only root can bind to ports < 1024. Many a dollar has been wasted on workarounds and -often- the resulting security holes. Fortunately on FreeBSD 6.1 (and probably older versions as well) you can disable this remnant of trust-by-convention. host$ sysctl net.inet.ip.portrange.reservedhigh=0 That simple. Add it to your /etc/sysctl.conf today! posted by Slim @ 4:18 PM

Hi, folks. I am trying to implement reverse proxy using squid with mac_portacl, but i have problem while binding squid to port 80. Am i missed something? Here is my mac_portacl variables: # sysctl security.mac.portacl. security.mac.portacl.enabled: 1 security.mac.portacl.suser_exempt: 1 security.mac.portacl.autoport_exempt: 1 security.mac.portacl.port_high: 1023 security.mac.portacl.rules:

The manual page says, that rcmd() is only to be used by root's processes. On other OSes (Solaris, AIX), trying to call rcmd() without being root simply fails. FreeBSD, however, tries to be helpful and invokes rcmdsh in this case, which is inefficient and leaves the stderr's filedescriptor (fd2p) unfilled. Why? My understanding is, this is to make it harder for would-be attackers to

FreeBSD doesn't have a fixed range of reserved ports, although it still has IPPORT_RESERVED for compatibility; instead, the last reserved port number is indicated by the net.inet.ip.portrange.reservedhigh sysctl, which defaults to IPPORT_RESERVED - 1. The attached patch modifies add_local_forward() to use this sysctl instead of IPPORT_RESERVED on FreeBSD. DES -- Dag-Erling Sm?rgrav - des at des.no -------------- next part -------------- A non-text attachment was scrubbed... Name: ssh-ipport-rese...

....local.inflight: 0 net.local.taskcount: 0 net.local.recycled: 0 net.inet.ip.portrange.lowfirst: 1023 net.inet.ip.portrange.lowlast: 600 net.inet.ip.portrange.first: 49152 net.inet.ip.portrange.last: 65535 net.inet.ip.portrange.hifirst: 49152 net.inet.ip.portrange.hilast: 65535 net.inet.ip.portrange.reservedhigh: 1023 net.inet.ip.portrange.reservedlow: 0 net.inet.ip.portrange.randomized: 1 net.inet.ip.portrange.randomcps: 10 net.inet.ip.portrange.randomtime: 45 net.inet.ip.forwarding: 0 net.inet.ip.redirect: 1 net.inet.ip.ttl: 64 net.inet.ip.rtexpire: 3600 net.inet.ip.rtminexpire: 10 net.inet.ip.rtmaxcache...