2009/9/14 Chris Rees <utis...@googlemail.com>

>
> Isn't this a bit drastic? Listening sockets are opened by very many
> types of processes, as well as remembering that sendmail, BIND, and
> others don't actually run as root... I suppose it'd be possible, but
>  would it actually be useful?
>

Sure, those open listening sockets. But those are things I want to listen.

Now suppose a user account was hacked, and "Bob" sets up a web server
listening on some random port above 1024. If "Bob" couldn't use listen() he
wouldn't be able to do that.

Of course, user accounts should be made secure, but what I am getting at is
making the hack much less useful.


> BTW, there may be an ipfw rule for this, I'll have to look it up when
> my servers are back online!
>
> Chris
>

Frem. (Apologies for Gmail quoting, which is horrible).
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to