freebsd-nq/sys/netinet
Crist J. Clark b0d226932e

The ancient and outdated concept of "privileged ports" in UNIX-type
OSes has probably caused more problems than it ever solved. Allow the
user to retire the old behavior by specifying their own privileged
range with,

  net.inet.ip.portrange.reservedhigh  default = IPPORT_RESERVED - 1
  net.inet.ip.portrange.reservedlo    default = 0

Now you can run that webserver without ever needing root at all. Or
just imagine, an ftpd that can really drop privileges, rather than
just set the euid, and still do PORT data transfers from 20/tcp.

Two edge cases to note,

  # sysctl net.inet.ip.portrange.reservedhigh=0

Opens all ports to everyone, and,

  # sysctl net.inet.ip.portrange.reservedhigh=65535

Locks all network activity to root only (which could actually have
been achieved before with ipfw(8), but is somewhat more
complicated).

For those who stick to the old religion that 0-1023 belong to root and
root alone, don't touch the knobs (or even lock them by raising
securelevel(8)), and nothing changes.
2003-02-21 05:28:27 +00:00
libalias Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup, 2003-01-01 18:49:04 +00:00
accf_data.c Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
accf_http.c Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
icmp6.h s/__attribute__((__packed__))/__packed/g 2002-09-23 06:25:08 +00:00
icmp_var.h Remove __P. 2002-03-19 21:25:46 +00:00
if_atm.c - Change the newly turned INVARIANTS #ifdef blocks (they were changed from 2002-05-21 18:52:24 +00:00
if_atm.h Remove __P. 2002-03-19 21:25:46 +00:00
if_ether.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
if_ether.h Fixed some style bugs in the removal of __P(()). Continuation lines 2002-03-24 10:19:10 +00:00
igmp_var.h Remove __P. 2002-03-19 21:25:46 +00:00
igmp.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
igmp.h
in_cksum.c
in_gif.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
in_gif.h last arg of in6?_gif_output() is not used any more. 2002-10-17 17:47:55 +00:00
in_pcb.c The ancient and outdated concept of "privileged ports" in UNIX-type 2003-02-21 05:28:27 +00:00
in_pcb.h Add a TCP TIMEWAIT state which uses less space than a fullblown TCP 2003-02-19 22:32:43 +00:00
in_proto.c Add a TCP TIMEWAIT state which uses less space than a fullblown TCP 2003-02-19 22:32:43 +00:00
in_rmx.c Get cosmetic changes out of the way before I add routing table SMP locks. 2003-02-10 22:01:34 +00:00
in_systm.h Remove __P. 2002-03-19 21:25:46 +00:00
in_var.h Fixed some style bugs in the removal of __P(()). Continuation lines 2002-03-24 10:19:10 +00:00
in.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
in.h Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup, 2003-01-01 18:49:04 +00:00
ip6.h s/__attribute__((__packed__))/__packed/g 2002-09-23 06:25:08 +00:00
ip_divert.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
ip_dummynet.c De-anonymity a couple of messages I missed in a previous sweep. 2003-01-20 13:03:34 +00:00
ip_dummynet.h o Trim EOL whitespaces. 2002-12-15 10:24:36 +00:00
ip_ecn.c initialize local variable explicitly 2002-04-11 02:14:21 +00:00
ip_ecn.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_encap.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
ip_encap.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_flow.c s/FREE/free/ 2001-11-04 17:35:31 +00:00
ip_flow.h
ip_fw2.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
ip_fw.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
ip_fw.h Oops, forgot to commit this file. This is part of the fix 2002-10-24 22:32:13 +00:00
ip_gre.c MFS: recognize gre packets used in the WCCP protocol. 2002-12-07 14:22:05 +00:00
ip_gre.h de-__P(). 2002-10-16 22:27:27 +00:00
ip_icmp.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
ip_icmp.h Fix two instances of variant struct definitions in sys/netinet: 2002-10-20 22:52:07 +00:00
ip_id.c Remove __P. 2002-03-19 21:25:46 +00:00
ip_input.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
ip_mroute.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
ip_mroute.h Massive cleanup of the ip_mroute code. 2002-11-15 22:53:53 +00:00
ip_output.c Remove unused variables in the IPSEC case. 2003-02-20 18:22:21 +00:00
ip_var.h Back out the ip_fragment() code -- it is not urgent to have it in now, 2002-11-20 18:56:25 +00:00
ip.h Fix two instances of variant struct definitions in sys/netinet: 2002-10-20 22:52:07 +00:00
ipprotosw.h KSE Milestone 2 2001-09-12 08:38:13 +00:00
raw_ip.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
tcp_debug.c It's now sufficient to rely on a nested include of _label.h to make sure 2002-08-15 14:34:45 +00:00
tcp_debug.h make the strings for tcptimers, tanames and prurequests const to silence 2002-08-16 09:07:59 +00:00
tcp_fsm.h WARNS=n and lint(1) silencer. Declare an array of (const) strings 2002-02-03 11:57:32 +00:00
tcp_input.c Add a TCP TIMEWAIT state which uses less space than a fullblown TCP 2003-02-19 22:32:43 +00:00
tcp_output.c Convert tcp_fillheaders(tp, ...) -> tcpip_fillheaders(inp, ...) so the 2003-02-19 22:18:06 +00:00
tcp_reass.c Add a TCP TIMEWAIT state which uses less space than a fullblown TCP 2003-02-19 22:32:43 +00:00
tcp_seq.h Fix NewReno. 2003-01-13 11:01:20 +00:00
tcp_subr.c Unbreak non-IPV6 compilation. 2003-02-19 23:43:04 +00:00
tcp_syncache.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
tcp_timer.c Add a TCP TIMEWAIT state which uses less space than a fullblown TCP 2003-02-19 22:32:43 +00:00
tcp_timer.h Add a TCP TIMEWAIT state which uses less space than a fullblown TCP 2003-02-19 22:32:43 +00:00
tcp_timewait.c Unbreak non-IPV6 compilation. 2003-02-19 23:43:04 +00:00
tcp_usrreq.c Unbreak the automatic remapping of an INADDR_ANY destination address 2002-10-24 02:02:34 +00:00
tcp_var.h Add a TCP TIMEWAIT state which uses less space than a fullblown TCP 2003-02-19 22:32:43 +00:00
tcp.h Include <sys/cdefs.h> so the visibility conditionals are available. 2002-10-02 04:22:34 +00:00
tcpip.h
udp_usrreq.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
udp_var.h Notify functions can destroy the pcb, so they have to return an 2002-06-14 08:35:21 +00:00
udp.h