On Wed, Jan 17, 2001 at 10:33:30AM +0200, Peter Pentchev wrote:
> I've actually been thinking along the lines of something like that.
> A bit more strict access control though - bind() on AF_INET and/or AF_INET6
> disabled by default, except for certain uid/sockaddr pairs. A kernel module
> keeping a table of uid/sockaddr pairs, and a userland tool (bindcontrol?)
> to feed it the necessary data.
I think it would be very difficult to do this sensibly. You might
be able to stop people listening on tcp ports, but if you stop
people listening on UDP ports then DNS stops working.
(Stopping people listening on TCP ports is also likely to break
ssh, ftp and various other things - tough that may be desirable
in the situation in question.)
David.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
- Protections on inetd (and /sbin/* /usr/sbin/* in gene... Michael R. Wayne
- Re: Protections on inetd (and /sbin/* /usr/sbin/... Dima Dorfman
- Re: Protections on inetd (and /sbin/* /usr/sbin/... Walter W. Hop
- Re: Protections on inetd (and /sbin/* /usr/s... Peter Pentchev
- Re: Protections on inetd (and /sbin/* /u... David Malone
- Re: Protections on inetd (and /sbin/... Peter Pentchev
- Re: Protections on inetd (and /sbin/* /u... Aleksandr A.Babaylov
- Re: Protections on inetd (and /sbin/... mouss
- Re: Protections on inetd (and /... Matt Dillon
- Re: Protections on inetd (a... Dag-Erling Smorgrav
- Re: Protections on inetd (and /sbin/* /usr/s... mouss
- Re: Protections on inetd (and /sbin/* /usr/sbin/... Daniel C. Sobral
- Re: Protections on inetd (and /sbin/* /usr/sbin/... Gordon Tetlow
- Re: Protections on inetd (and /sbin/* /usr/s... Dag-Erling Smorgrav
- Re: Protections on inetd (and /sbin/* /u... Tony Finch
