Subject: Re: Upcoming security model abstraction
To: Travis H. <solinym@gmail.com>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 08/25/2006 10:43:10
Travis H. wrote:
> What, you mean I can't change bind(2) to only allow uid 48 (apache, on
> most Linux installs) to bind to port 80?
>
> ;-)
Sure you can -- you write a kauth(9) listener for KAUTH_NETWORK_BIND
and can either check that inside the kernel or dispatch it to a userland
daemon to do the work for you. :)
> HHOS... it's about time to put an end to hardcoded uid/gids in the
> kernel. Funny thing, most people care about usernames, not uids, so
> the domain of discourse is not the same as the problem domain, and
> that's not good to do too often.
>
> A while back Ptacek changed all the networking code on his box to
> compare against a special "network" uid for privileges to bind to
> ports 1-1024... gross, but it was effective at getting closer to a
> "least privilege" system. I always thought there had to be a more
> elegant way of dividing them up. I can handle one magic uid, but
> several is pushing it.
You hit the nail right on its head. The above is exactly what I'm trying
to prevent.
> Bravo.
Thank you.
-e.
--
Elad Efrat