I am not sure if this exists (but don't think so), so I am asking.

Is there a sysctl type thing to disallow non-root users, or indeed any
specified user or group, from running a program with listen() ?

What I am looking at is improving network security, such that if a user
account is compromised it can then not be used to run a dodgy web
server/whatever on a non-privileged port. Although I can firewall off any
port I wish, it seems like an obvious thing to disallow any user from
opening a listening socket in the first place. I am suggesting something
like "sysctl user.socket_listen" with enable or disable.

Am I being really daft? Or does this exist already?

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to