Subject: Re: priv/unpriv ports range/exceptions
To: None <email@example.com>
From: Kevin P. Neal <firstname.lastname@example.org>
Date: 06/04/2001 19:45:24
On Mon, May 28, 2001 at 05:36:29PM +0200, salo wrote:
> hi there,
> i was solving problem with need to have excluded special ports from
> privileged range for daemon running by user. (please do not try to
> recommend other method like inetd/port forwarding/switching to user id
> after bind(), etc. this was the only way to achieve exactly what i need)
An idea I once had was to make a new virtual filesystem that had
named ports in it for each port that can be opened for listening.
Imagine, for example, a web server opening "/dev/ip/tcp/any/80".
Then a chown www:www (or whatever) could restrict use of that port
to a single account w/out root access.
The interesting part is saving the state across mounts/reboots. For, um,
ideas on this see "devfs" in your fav *BSD list archive.
Kevin P. Neal http://www.pobox.com/~kpn/
'Concerns about "rights" and "ownership" of domains are inappropriate.
It is appropriate to be concerned about "responsibilities" and "service"
to the community.' -- RFC 1591, page 4: March 1994