author Vincent Gross <vgross@cvs.openbsd.org> 2016-06-18 10:36:14 +0000
committer Vincent Gross <vgross@cvs.openbsd.org> 2016-06-18 10:36:14 +0000
commit a2a69e4ebbc39b9b06527f05a765ce43782dbc45 (patch)
tree 7b8fd3554d8f4b9187d0a126a349ab6c5e67c4cc /lib/libc/gen
parent 3cf9a9daf049acc0fdc14eef9e6541f6cdeea457 (diff)
Add net.inet.{tcp,udp}.rootonly sysctl, to mark which ports
cannot be bound to by non-root users. Ok millert@ bluhm@
Diffstat (limited to 'lib/libc/gen')
-rw-r--r-- lib/libc/gen/sysctl.3 21
1 files changed, 19 insertions, 2 deletions
diff --git a/lib/libc/gen/sysctl.3 b/lib/libc/gen/sysctl.3
index 1fa623b92f1..ff46b7c141a 100644
--- a/lib/libc/gen/sysctl.3
+++ b/lib/libc/gen/sysctl.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sysctl.3,v 1.261 2016/06/07 05:52:49 tim Exp $
+.\" $OpenBSD: sysctl.3,v 1.262 2016/06/18 10:36:13 vgross Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
@@ -27,7 +27,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 7 2016 $
+.Dd $Mdocdate: June 18 2016 $
.Dt SYSCTL 3
.Os
.Sh NAME
@@ -1201,11 +1201,13 @@ The currently defined protocols and names are:
.It tcp Ta synbucketlimit Ta integer Ta yes
.It tcp Ta syncachelimit Ta integer Ta yes
.It tcp Ta synuselimit Ta integer Ta yes
+.It tcp Ta rootonly Ta array Ta yes
.It udp Ta baddynamic Ta array Ta yes
.It udp Ta checksum Ta integer Ta yes
.It udp Ta recvspace Ta integer Ta yes
.It udp Ta sendspace Ta integer Ta yes
.It udp Ta stats Ta structure Ta no
+.It udp Ta rootonly Ta array Ta yes
.El
.Pp
The variables are as follows:
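Review bot: Both new table rows are appended after the last existing row of their protocol (tcp rootonly after synuselimit, udp rootonly after stats), although the neighbouring rows shown here are in alphabetical order (synbucketlimit, syncachelimit, synuselimit; baddynamic, checksum, recvspace, sendspace, stats). Suggest moving the tcp row ahead of the syn* rows, where it sorts among the tcp entries, and the udp row between recvspace and sendspace, with the descriptions further down following the same order, so readers scanning for the knob that controls privileged ports find it where they expect.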
@@ -1618,6 +1620,15 @@ The maximum number of entries allowed in the TCP SYN cache.
.It Li tcp.synuselimit
The minimum number of times the hash function for the TCP SYN cache is used
before it is reseeded.
+.It Li tcp.rootonly
+An array of
+.Li in_port_t
+is returned specifying the bitmask of
+.Tn TCP
+ports that can only be bound by processes with root euid.
+When running with a
+.Xr securelevel 7
+greater than 0, this variable may not be changed.
.It Li udp.baddynamic
Analogous to
.Li tcp.baddynamic
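Review bot: The tcp.rootonly text, "An array of in_port_t is returned specifying the bitmask", describes the value as both an array of port numbers and a bitmask, so a caller cannot tell from this entry how to size or interpret the buffer. Suggest stating the layout explicitly (what the buffer length is and how a port number maps to an element or bit), and mentioning that the value can be set as well as read, since the table marks it changeable and the securelevel sentence only makes sense for writes. "root euid" would also read more precisely as "an effective user ID of 0".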
@@ -1641,6 +1652,12 @@ Returns the default
send buffer size.
.It Li udp.stats
Returns the UDP statistics in a struct udpstat.
+.It Li udp.rootonly
+Analogous to
+.Li tcp.rootonly
+but for
+.Tn UDP
+sockets.
.El
.It Dv PF_INET6
Get or set various global information about IPv6
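Review bot: The udp.rootonly entry leans entirely on "Analogous to tcp.rootonly" and does not say whether the securelevel restriction stated for tcp.rootonly applies here too; because that restriction is the security-relevant part of the entry, suggest repeating it or saying so explicitly. The entry also says "UDP sockets" where the tcp entry speaks of "TCP ports"; using "ports" in both keeps the two descriptions parallel.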