Hi, is there any interest in adding Socker[1] to pkgsrc? Let me cite the webpage: "Socker is a helper tool and library which allows giving unprivileged processes access to privileged sockets. It is currently known to work on FreeBSD, NetBSD and Linux systems. Socker is distributed under a BSD license." In other words, it allows you to run _and_ start e.g., a web server on port 80 - or any other kind of server on a port below 1024 - without root-privileges whilst still limiting access to certain user accounts without any less efficient and less safe NAT (port redirection) tricks. Access to raw sockets can be granted as well. "Socker uses a feature known as file descriptor passing over unix domain sockets. Socker itself consists of two parts: A helper program and a library. The helper program must be installed with the setuid-bit set for user root. When executed, this helper program socker checks whether the user is allowed to create a socket with the specified parameters. If permissions are granted, socker creates and binds a socket using given parameters. The socket is then passed back to the caller." Of course, it's not very useful unless programs start using it. For what it's worth, I'm considering adding the possibility to use the good old LD_PRELOAD trick, so that existing programs can use it without the need of modifications - unless they have some built-in precautions against this. [1] http://www.ghostwhitecrab.com/socker/ Thanks for your time, Christian
Attachment:
pgp8Pqq3_Rtew.pgp
Description: PGP signature