Subject: Re: new sysctl - privileged ports runtime option?
To: None <itojun@iijlab.net>
From: Joe Reed <jnr@po.cwru.edu>
List: tech-kern
Date: 08/11/2002 21:43:05
On Sunday 11 August 2002 19:12, itojun@iijlab.net wrote:
> >what you can do though is remove the restriction on the ports, then use
> >systrace to restrict them.  this gives you the ability to have sendmail,
> >etc. running as an unpriv user, but still allowed to bind to the proper
> >port(s).
>
> 	systrace can enforce policy for certain program (by
> 	/etc/systrace/usr_bin_finger and such), not all programs.
> 	how do you suggest enforcing it for multiple programs available on the
> 	system?

I was thinking of restricting based on the user id of the process calling the
bind(2) function.  Hence you could create a www user, run httpd as user www,
then only allow www (and root, of course) to bind to ports 80 and 443.

This functionality could go in sys/netinet/in_pcb.c and
sys/netinet6/in6_pcb.c.

However, I'm unsure of the following things:
1) how port->allowable_uid_list should be stored
2) the interface used to create and manipulate such a mapping
3) how this additional check will affect performance
4) if such a change is worthwhile and desired

I'd appreciate any thoughts/comments on or off list.

--joe
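One way the port->allowable_uid_list check sketched above could look, written here as an added C example that is not from this thread or from the NetBSD tree. The policy table, the uid values and the function name are assumptions; in the kernel the lookup would sit beside the existing root-only test for reserved ports in in_pcbbind().

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>

/* Hypothetical per-port policy: which non-root uids may bind a reserved port.
 * Constructed for this example; the kernel would need a sysctl or similar
 * interface to populate it (open question 2 in the mail). */
#define IPPORT_RESERVED   1024
#define MAX_UIDS_PER_PORT 4

struct port_uid_entry {
    uint16_t port;                  /* host byte order */
    size_t   nuids;
    uid_t    uids[MAX_UIDS_PER_PORT];
};

static const uid_t UID_WWW  = 1001;  /* assumed uid of the "www" user */
static const uid_t UID_SMTP = 1002;  /* assumed uid of a mail daemon user */

static const struct port_uid_entry port_policy[] = {
    { 80,  1, { UID_WWW } },
    { 443, 1, { UID_WWW } },
    { 25,  1, { UID_SMTP } },
};
#define NPOLICY (sizeof(port_policy) / sizeof(port_policy[0]))

/* Decide whether uid may bind local port lport.  Root always may; port 0
 * asks for an ephemeral port and is not a reserved-port request; ports at or
 * above IPPORT_RESERVED are unrestricted; a reserved port is allowed only to
 * uids listed for it, and a reserved port with no entry stays root-only. */
bool
bind_allowed(uid_t uid, uint16_t lport)
{
    size_t i, j;

    if (uid == 0 || lport == 0 || lport >= IPPORT_RESERVED)
        return true;
    for (i = 0; i < NPOLICY; i++) {
        if (port_policy[i].port != lport)
            continue;
        for (j = 0; j < port_policy[i].nuids; j++)
            if (port_policy[i].uids[j] == uid)
                return true;
        return false;   /* port is listed, but this uid is not granted */
    }
    return false;       /* reserved port with no policy entry: root only */
}
```

The linear scan keeps the example short; a table indexed by port would answer the performance question (3) for the reserved range at the cost of 1024 small entries.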