Subject: Re: allowing unpriv users to bind to priv ports
To: Joe Reed <firstname.lastname@example.org>
From: Luke Mewburn <email@example.com>
Date: 09/26/2002 10:14:40
On Wed, Sep 25, 2002 at 03:26:51PM -0400, Joe Reed wrote:
| hi all,
| i've been working on a utility to allow unprivilaged users to
| bind to privilaged ports on a per user/group basis. the rules
| are similiar to ipf rules and allow for daemons to be run as
| unprivilaged users, but still bind to the proper port (without
| losing any restriction for any other user), with a specific
| protocol. these rules only work for ports less than the reserved
| port. and superuser is always allowed to bind, regardless of rules.
i haven't looked at your diffs yet, but i had considered an idea like
this a while ago, and i think the general concept is useful.
*however*, we now have systrace in the tree, and that allows much more
granular control over what system calls may be called. I have been
meaning to test the following concept for a while:
* define IPNOPRIVPORTS in my kernel
* set a systrace policy to allow certain uids or gids to bind to
a specific port (e.g, "uid=named to tcp/udp port 53"
* set a default systrace policy; prevent uid!=0 from binding port < 1024
it would be interesting to hear about people's experiences with this