Subject: Re: [Fwd: [Rosiello Security] Negligent architecture for the assignment of the ports]
To: None <tech-security@NetBSD.org>
From: Roland C. Dowdeswell <elric@imrryr.org>
List: tech-security
Date: 04/24/2004 13:38:03
On 1082784116 seconds since the Beginning of the UNIX epoch
Sascha Retzki wrote:
>
>Hi list, 
>
>I think his example is not the best, but the entire idea is great: 1024
>root-ports and the rest is a battle-field should be deprecated. I think
>it's easy (except for one thing ;)  ) to implement something like a "secbind"
>protocol into NetBSD:

You can configure NetBSD to allow non-root processes to bind to
reserved ports by using systrace.  In reality, though, the entire
idea of reserved ports is broken.  People should actually invest
some time in security rather than reserved port hacks, in the long
term.

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/