Subject: Re: allowing unpriv users to bind to priv ports
To: None <firstname.lastname@example.org>
From: Matthew Mondor <email@example.com>
Date: 09/26/2002 04:45:47
On Wed, 25 Sep 2002 15:26:51 -0400
Joe Reed <firstname.lastname@example.org> wrote:
> i've been working on a utility to allow unprivilaged users to bind to
> privilaged ports on a per user/group basis. the rules are similiar to
> ipf rules and allow for daemons to be run as unprivilaged users, but
> still bind to the proper port (without losing any restriction for any
> other user), with a specific protocol. these rules only work for ports
> less than the reserved port. and superuser is always allowed to bind,
> regardless of rules.
I personally like the secure by default, optionally open up idea, I think
however that only a single syscall would be enough to manage the rules...