Subject: Re: priv/unpriv ports range/exceptions
To: None <tech-kern@netbsd.org>
From: Kevin P. Neal <kpneal@pobox.com>
List: tech-kern
Date: 06/04/2001 19:45:24
On Mon, May 28, 2001 at 05:36:29PM +0200, salo wrote:
> Hi there,
> 
> I was solving a problem where I needed to exclude special ports from the
> privileged range for a daemon run by a user. (Please do not try to
> recommend other methods like inetd/port forwarding/switching user id
> after bind(), etc. This was the only way to achieve exactly what I need.)

An idea I once had was to make a new virtual filesystem that had
named ports in it for each port that can be opened for listening. 
Imagine, for example, a web server opening "/dev/ip/tcp/any/80".
Then a chown www:www (or whatever) could restrict use of that port
to a single account w/out root access. 

The interesting part is saving the state across mounts/reboots. For, um,
ideas on this see "devfs" in your fav *BSD list archive.
-- 
Kevin P. Neal                                http://www.pobox.com/~kpn/
      'Concerns about "rights" and "ownership" of domains are inappropriate.  
 It is appropriate to be concerned about "responsibilities" and "service" 
 to the community.' -- RFC 1591, page 4: March 1994
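
Added example (editor's, not from either poster or from NetBSD): a userland
model of the two policies the thread contrasts, the classic "ports below
IPPORT_RESERVED need uid 0" rule enforced at bind() time, and Kevin's idea of
one node per listenable port such as "/dev/ip/tcp/any/80" whose owner, group
and mode decide who may bind it. The struct, the sample table, the "write bit
means may bind" mapping and the default mode for unlisted ports are all
assumptions made for this illustration; nothing here touches a real socket.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Added example, not part of the thread.  Models the classic privileged-port
 * rule next to the "port as a file node" idea, with the same owner/group/other
 * check a filesystem applies for write access (ACLs left out).  The "write
 * bit == may bind" mapping and the defaults below are assumptions. */

#define IPPORT_RESERVED 1024

/* Hypothetical record standing in for the inode of "/dev/ip/tcp/any/<port>". */
struct portnode {
    unsigned short port;
    uid_t owner;
    gid_t group;
    mode_t mode;   /* permission bits, as on a regular file */
};

/* Constructed sample table, i.e. what an admin might have set up with
 *   chown www:www /dev/ip/tcp/any/80; chmod 0200 /dev/ip/tcp/any/80
 *   chgrp mail    /dev/ip/tcp/any/25; chmod 0220 /dev/ip/tcp/any/25
 * (uid/gid numbers are made up for the example). */
static const struct portnode nodes[] = {
    { 80, 1001, 1001, S_IWUSR },             /* only the www account */
    { 25,    0, 2000, S_IWUSR | S_IWGRP },   /* root or members of "mail" */
};

/* The classic rule: low ports are root-only, everything else is open. */
bool classic_may_bind(uid_t uid, unsigned short port)
{
    return port >= IPPORT_RESERVED || uid == 0;
}

/* Look up a port's node.  Unlisted ports get a default that reproduces the
 * classic rule (root-only below 1024, anyone above), so behaviour only
 * changes once an admin chowns/chmods a node. */
struct portnode lookup_port(unsigned short port)
{
    for (size_t i = 0; i < sizeof nodes / sizeof nodes[0]; i++)
        if (nodes[i].port == port)
            return nodes[i];
    struct portnode def = { port, 0, 0,
        port < IPPORT_RESERVED ? S_IWUSR : (S_IWUSR | S_IWGRP | S_IWOTH) };
    return def;
}

/* Ordinary Unix permission check: root always passes, then the owner bits
 * apply if the uid matches, else the group bits if the gid matches, else
 * the "other" bits.  Write permission is taken to mean "may bind". */
bool node_may_bind(const struct portnode *n, uid_t uid, gid_t gid)
{
    if (uid == 0)
        return true;
    if (uid == n->owner)
        return (n->mode & S_IWUSR) != 0;
    if (gid == n->group)
        return (n->mode & S_IWGRP) != 0;
    return (n->mode & S_IWOTH) != 0;
}

/* May this (uid, gid) bind this port under the node model? */
bool port_may_bind(uid_t uid, gid_t gid, unsigned short port)
{
    struct portnode n = lookup_port(port);
    return node_may_bind(&n, uid, gid);
}

int main(void)
{
    struct { uid_t uid; gid_t gid; unsigned short port; } cases[] = {
        { 1001, 1001, 80 }, { 1002, 1002, 80 }, { 1005, 2000, 25 },
        { 1002, 1002, 22 }, { 1002, 1002, 8080 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("uid %u gid %u port %u: classic=%s node=%s\n",
               (unsigned)cases[i].uid, (unsigned)cases[i].gid, cases[i].port,
               classic_may_bind(cases[i].uid, cases[i].port) ? "yes" : "no",
               port_may_bind(cases[i].uid, cases[i].gid, cases[i].port)
                   ? "yes" : "no");
    return 0;
}
```

The point the model makes visible: with the classic rule the only way to give
www port 80 is uid 0 at bind() time, whereas with per-port nodes the decision
is an ordinary ownership check, so unlisted ports behave exactly as before and
a single chown grants one account one port and nothing else.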