Subject: Re: allowing unpriv users to bind to priv ports
To: Lubomir Sedlacik <salo@Xtrmntr.org>
From: Joe Reed <firstname.lastname@example.org>
Date: 09/25/2002 20:49:49
> just a little note: what about /dev/ports/(tcp|tcp6|udp|udp6)/1-65535
> nodes with appropriate owner/group or even permissions (e.g. x as an
> "allow binding" flag)?
the current scheme bases it's reserved ports off of the IPPORT_RESERVED and
IPV6PORT_RESERVED #define's. this way if someone wishes to change that they
don't have to rebuild their devices after a kernel recompile. we really
don't want to restrict ports above that. it seems to me that the preventing
users bind(2) on high-number ports could cause other problems, although i
can't really back that up with example right now.
also, what if we wish to add a new protocol? currently it's just adding a
flag or 2 and adding the corresponding entries into the switch statements.
do we really want to add this much to /dev/ ?? i think the implementation
may be to simpler to use a rule-based approach instead of /dev/ports/*.