Hi, I am not sure if this exists (but don't think so), so I am asking.
Is there a sysctl type thing to disallow non-root users, or indeed any specified user or group, from running a program with listen() ? What I am looking at is improving network security, such that if a user account is compromised it can then not be used to run a dodgy web server/whatever on a non-privileged port. Although I can firewall off any port I wish, it seems like an obvious thing to disallow any user from opening a listening socket in the first place. I am suggesting something like "sysctl user.socket_listen" with enable or disable. Am I being really daft? Or does this exist already? Cheers, Frem. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
