On Monday 14 September 2009 18:47:18 Freminlins wrote:
> Hi,
>
> I am not sure if this exists (but don't think so), so I am asking.
>
> Is there a sysctl type thing to disallow non-root users, or indeed any
> specified user or group, from running a program with listen() ?
>
> What I am looking at is improving network security, such that if a user
> account is compromised it can then not be used to run a dodgy web
> server/whatever on a non-privileged port. Although I can firewall off any
> port I wish, it seems like an obvious thing to disallow any user from
> opening a listening socket in the first place. I am suggesting something
> like "sysctl user.socket_listen" with enable or disable.
>
> Am I being really daft? Or does this exist already?

See mac_portacl(4).

--
Mel
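
A sketch of how mac_portacl(4) could be set up for the case in the question, added here as an example and not part of the original thread. It assumes a kernel with MAC support and the module loaded (`mac_portacl_load="YES"` in /boot/loader.conf); the uid and port in the rule are constructed values.

```conf
# /etc/sysctl.conf fragment (added example; uid 1001 and port 8080 are constructed)

# Enforce the mac_portacl policy.
security.mac.portacl.enabled=1

# Highest port number the policy covers. The default is 1023; raising it
# extends the policy to the unprivileged port range the question is about.
security.mac.portacl.port_high=65535

# root may still bind to any covered port.
security.mac.portacl.suser_exempt=1

# Binding to port 0 (automatic port allocation) stays allowed.
security.mac.portacl.autoport_exempt=1

# Rules are idtype:id:protocol:port, comma separated; idtype is uid or gid,
# protocol is tcp or udp. Only matching non-root binds are permitted.
security.mac.portacl.rules=uid:1001:tcp:8080
```

The policy is applied when a socket is bound to a port, so a non-root process asking for an explicit port at or below `port_high` is refused unless a rule matches it.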