
Re: [linux-security] Re: Configuration for binding to "secure" ports?



On Fri, 29 May 1998 11:26:37 +0200, Pavel Kankovsky wrote:
> Well, you could also modify bind() to pass the socket (using BSD-like
> unix-domain socket magic) to a privileged "binder daemon" and let it
> decide whether you are allowed to bind it to the given port--and do it
> itself if you are.

I've toyed with this idea for some time... 2.1 offers a feature by
which the kernel passes your uid/gid to the unix socket peer upon connect.
This neatly solves the problem of authenticating anyone connecting to
a unix socket.

While the new capabilities stuff definitely does it better for binding to
a privileged port, other services (e.g. opening a modem port; writing
utmp) might still benefit from this.

Olaf
-- 
/d{def}def/D{dup}d/X{exch}d/L{length}d/-{sub}d/+{add}d/R{D D 0 ge X 26 le and}d
/C{13 + 26 mod}d/_{D L string/. X d . cvs 0 X L 1 X 1 -{D . X get 65 - R{C}{32
- R{C}if 32 +}ifelse 65 + . 3 1 roll put}for .}d/N{_ cvn}d/x{N cvx exec}d
/reebeqvpg x/haqrsvarq N{cvlit _ show}put 240 360 /zbirgb x/Uryirgvpn N
/svaqsbag x 12/fpnyrsbag x/frgsbag x bxve zbanq fjo qr/fubjcntr x
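
The "binder daemon" idea from this exchange, as an added example that is not part of the original posts: a client passes an unbound TCP socket over a unix-domain socket, and the daemon takes the caller's uid from the kernel before deciding whether to bind it. It assumes the kernel feature mentioned above is what Linux exposes as `SO_PEERCRED`; the function names, the one-byte reply and the `policy` table are hypothetical.

```python
import os
import socket
import struct

def peer_uid(conn):
    """uid the kernel recorded for the other end of a unix socket (Linux SO_PEERCRED)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    _pid, uid, _gid = struct.unpack("3i", raw)  # struct ucred: pid, uid, gid
    return uid

def send_request(conn, sock, port):
    """Client: hand our unbound socket plus the wanted port to the daemon (SCM_RIGHTS)."""
    socket.send_fds(conn, [struct.pack("!H", port)], [sock.fileno()])

def serve_one(conn, policy, addr="127.0.0.1"):
    """Daemon: bind the passed socket only if policy[uid] contains the port.

    policy is a hypothetical {uid: set_of_ports} table. Replies with one byte,
    1 on success and 0 on refusal, and returns the same decision as a bool.
    """
    msg, fds, _flags, _addr = socket.recv_fds(conn, 2, 1)
    ok = False
    try:
        if len(msg) == 2 and len(fds) == 1:
            (port,) = struct.unpack("!H", msg)
            # The uid comes from the kernel, never from the request body.
            if port in policy.get(peer_uid(conn), ()):
                passed = socket.socket(fileno=fds[0])  # raises OSError if not a socket
                try:
                    if (passed.family == socket.AF_INET
                            and passed.type == socket.SOCK_STREAM):
                        passed.bind((addr, port))
                        ok = True
                finally:
                    passed.detach()  # give the descriptor back; closed below
    except OSError:
        ok = False  # not a socket, port in use, or daemon lacks the privilege
    finally:
        for fd in fds:
            os.close(fd)  # drop the daemon's copies; the client's descriptor stays open
    conn.send(b"\x01" if ok else b"\x00")
    return ok
```

A real daemon would run with the privilege needed for ports below 1024 and accept connections on a named unix socket; the bind takes effect on the client's socket because both descriptors refer to the same kernel object.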


