Subject: finer grained IPNOPRIVPORTing
To: None <tech-kern@NetBSD.org>
From: Michael S. <zyp@charm.at>
List: tech-kern
Date: 05/25/2005 00:47:15
I was thinking that privileged ports could be bound depending on having
entries in a file (e.g. /etc/privports) with the application name and the port
number it is allowed to bind without being root. All that has to be
done is a little checker function in the bind()ing or accept()ing
syscall to read from this file or have the file mapped to
memory (e.g. at boot time). It could also contain a little string
recognition to have the ability to specify intervals of numbers and commas.

Such a file could contain the following lines:
/usr/pkg/bin/httpd		80
/sbin/ftpd				21,22,900-1000

It would be really nice to have this feature in NetBSD first.

As time passes by it could be expanded to also have groups and users
supported as being checked against for binding. So you could for
example say programs running as user FRITZ are always given permission
to bind on privileged ports.
user:franz			*

I think this could easily be done, but as I am not a developer I can't
do it myself. I hope what I wrote was understandable.