Subject: Re: allowing unpriv users to bind to priv ports
To: Joe Reed <jnr@po.cwru.edu>
From: Luke Mewburn <lukem@wasabisystems.com>
List: tech-kern
Date: 09/26/2002 11:02:44
On Wed, Sep 25, 2002 at 08:52:04PM -0400, Joe Reed wrote:
|
| > *however*, we now have systrace in the tree, and that allows much more
| > granular control over what system calls may be called. I have been
| > meaning to test the following concept for a while:
| > * define IPNOPRIVPORTS in my kernel
| > * set a systrace policy to allow certain uids or gids to bind to
| > a specific port (e.g., "uid=named to tcp/udp port 53")
| > * set a default systrace policy; prevent uid!=0 from binding
| > port < 1024
|
| I have thought of this too, however this follows the paradigm of "having an
| insecure system, then using rules to lock it down." My patch follows the
| paradigm of "have a locked down system, and only open what you want." Both
| are effective, when done right. But personally, I'd rather start with
| default security.
In general, if systrace can do what we want as a general solution,
it's what we'll use (versus adding yet more custom hackery to the kernel).
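To make the systrace idea in the quoted message concrete, here is an added policy fragment in the style of systrace(1). It is not from the original thread or from the NetBSD tree; the binary path, the "netbsd" emulation name, and the assumption that IPNOPRIVPORTS is compiled into the kernel (so the kernel itself no longer refuses low ports) are all assumptions, and the filter grammar should be checked against the installed systrace(1) manual before use.

```text
# Added example policy (hypothetical), not the project's own.
# Assumes IPNOPRIVPORTS is set in the kernel, so only this policy
# decides which ports the supervised named process may bind.
Policy: /usr/sbin/named, Emulation: netbsd
	# Open exactly what is wanted: port 53 on any local address.
	netbsd-bind: sockaddr match "inet-*:53" then permit
	# Everything else is refused with the error the kernel would
	# normally give for a privileged port.
	netbsd-bind: sockaddr match "inet-*:*" then deny[eacces]
```

Two points a practitioner would check before relying on this. First, systrace policies are keyed by executable path, not by uid or gid, so the "uid=named" part of the idea is carried by which account runs the supervised binary, not by the policy itself. Second, systrace only mediates processes started under it; with IPNOPRIVPORTS defined, any non-root process that is not run under systrace can bind any port, which is the "insecure system, then lock it down" concern raised in the quoted reply.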