2009/9/14 Chris Rees <utis...@googlemail.com> > > Isn't this a bit drastic? Listening sockets are opened by very many > types of processes, as well as remembering that sendmail, BIND, and > others don't actually run as root... I suppose it'd be possible, but > would it actually be useful? >
Sure, those open listening sockets. But those are things I want to listen. Now suppose a user account was hacked, and "Bob" sets up a web server listening on some random port above 1024. If "Bob" couldn't use listen() he wouldn't be able to do that. Of course, user accounts should be made secure, but what I am getting at is making the hack much less useful. > BTW, there may be an ipfw rule for this, I'll have to look it up when > my servers are back online! > > Chris > Frem. (Apologies for Gmail quoting, which is horrible). _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"