Subject: Re: allowing unpriv users to bind to priv ports
To: Lubomir Sedlacik <>
From: Joe Reed <>
List: tech-kern
Date: 09/25/2002 20:49:49
> just a little note: what about /dev/ports/(tcp|tcp6|udp|udp6)/1-65535
> nodes with appropriate owner/group or even permissions (e.g. x as an
> "allow binding" flag)?

the current scheme bases it's reserved ports off of the IPPORT_RESERVED and 
IPV6PORT_RESERVED #define's.  this way if someone wishes to change that they 
don't have to rebuild their devices after a kernel recompile.  we really 
don't want to restrict ports above that. it seems to me that the preventing 
users bind(2) on high-number ports could cause other problems, although i 
can't really back that up with example right now.

also, what if we wish to add a new protocol?  currently it's just adding a 
flag or 2 and adding the corresponding entries into the switch statements.  
do we really want to add this much to /dev/ ??  i think the implementation 
may be to simpler to use a rule-based approach instead of  /dev/ports/*.