On Wednesday 07 August 2002 12:47, Greywolf wrote:

> I didn't see the original message; what, exactly, are we aiming for here,
> and to what end?
the point is to replace the compile-time kernel option NOPRIVPORTS with a 
runtime one.  my reasons are explained in yesterday's post (see 
mail-index.netbsd.org)

>
> I'd say to check the securelevel, you should get the value from
> kern.securelevel (obvious, no?).
that's fine, for code that is outside of the kernel.  i'm already within the 
kernel, modifying the sysctl code.  

>
> If this is doing what I think it's doing, I would say that it should be
> active only on securelevels ABOVE (not including) 1.
the point is to make the option of allowing unprivilaged users to bind to 
ports <1024 a runtime config option.  if you set your securelevel high, i 
woudl think that you would not want this (potientially less secure) option.  
the code does not allow the sysctl if the securelevel is high.

--joe