Subject: Re: Upcoming security model abstraction
To: Travis H. <firstname.lastname@example.org>
From: Elad Efrat <elad@NetBSD.org>
Date: 08/25/2006 10:43:10
Travis H. wrote:
> What, you mean I can't change bind(2) to only allow uid 48 (apache, on
> most Linux installs) to bind to port 80?
Sure you can -- you write a kauth(9) listener for KAUTH_NETWORK_BIND
and can either check that inside the kernel or dispatch it to a userland
daemon to do the work for you. :)
> HHOS... it's about time to put an end to hardcoded uid/gids in the
> kernel. Funny thing, most people care about usernames, not uids, so
> the domain of discourse is not the same as the problem domain, and
> that's not good to do too often.
> A while back Ptacek changed all the networking code on his box to
> compare against a special "network" uid for privileges to bind to
> ports 1-1024... gross, but it was effective at getting closer to a
> "least privilege" system. I always thought there had to be a more
> elegant way of dividing them up. I can handle one magic uid, but
> several is pushing it.
You hit the nail right on its head. The above is exactly what I'm trying
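As an added illustration of the listener Elad describes (not code from this thread or from NetBSD), here is a userland model of a KAUTH_NETWORK_BIND listener. The kauth(9) names are the real ones; their definitions here are stand-ins so it compiles outside the kernel, and the port-to-uid table with uid 48 is constructed from Travis's example.

```c
/* Added example, not code from the thread or from NetBSD: a userland model of a
 * kauth(9) network-scope listener that decides KAUTH_NETWORK_BIND from a
 * port->euid table instead of a uid hardcoded in bind(2).  The kauth names are
 * the real ones from kauth(9); their definitions are stand-ins so this compiles
 * outside the kernel (a real module includes <sys/kauth.h> and registers with
 * kauth_listen_scope(KAUTH_SCOPE_NETWORK, bind_listener, NULL)). */
#include <stddef.h>
#include <stdint.h>
struct kauth_cred { uint32_t euid; };                        /* stand-in */
typedef struct kauth_cred *kauth_cred_t;
typedef int kauth_action_t;
enum { KAUTH_NETWORK_BIND = 1 };                              /* stand-in value */
enum { KAUTH_REQ_NETWORK_BIND_PORT = 1, KAUTH_REQ_NETWORK_BIND_PRIVPORT };
enum { KAUTH_RESULT_ALLOW = 0, KAUTH_RESULT_DENY, KAUTH_RESULT_DEFER };
static uint32_t kauth_cred_geteuid(kauth_cred_t c) { return c->euid; }

/* Constructed policy: euid 48 (apache on many Linux installs, as in the
 * thread) may bind the privileged web ports; nothing else is granted. */
struct port_rule { uint16_t port; uint32_t euid; };
static const struct port_rule rules[] = { { 80, 48 }, { 443, 48 } };

/* kauth(9) listener signature.  For KAUTH_NETWORK_BIND, arg0 is the request
 * kind; in the kernel arg1/arg2 are the socket and sockaddr, simplified here
 * to a pointer to the port number in arg2. */
static int
bind_listener(kauth_cred_t cred, kauth_action_t action, void *cookie,
    void *arg0, void *arg1, void *arg2, void *arg3)
{
    (void)cookie; (void)arg1; (void)arg3;
    if (action != KAUTH_NETWORK_BIND)
        return KAUTH_RESULT_DEFER;                  /* not our action */
    if ((int)(intptr_t)arg0 != KAUTH_REQ_NETWORK_BIND_PRIVPORT)
        return KAUTH_RESULT_DEFER;                  /* unprivileged port */
    uint16_t port = *(const uint16_t *)arg2;
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        if (rules[i].port == port && rules[i].euid == kauth_cred_geteuid(cred))
            return KAUTH_RESULT_ALLOW;              /* granted without root */
    /* DEFER, not DENY: a DENY from any listener is final and would lock out
     * root too; DEFER leaves the default security model's root-only rule. */
    return KAUTH_RESULT_DEFER;
}

/* Drive the listener as bind(2) would: ports below 1024 are PRIVPORT. */
int decide_bind(uint32_t euid, uint16_t port)
{
    struct kauth_cred cred = { euid };
    intptr_t req = port < 1024 ? KAUTH_REQ_NETWORK_BIND_PRIVPORT
                               : KAUTH_REQ_NETWORK_BIND_PORT;
    return bind_listener(&cred, KAUTH_NETWORK_BIND, NULL, (void *)req, NULL, &port, NULL);
}
```

The listener only ever extends privilege for the listed uid/port pairs; every other case is deferred, so the default security model still decides for root and for everyone else.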