Re: allow process or user to listen on privileged ports?

From: Sven Köhler
Date: Thu Dec 25 2003 - 07:36:14 EST


> I would give your application this capability (from #include "linux/capability.h")
>
> /* Allows binding to TCP/UDP sockets below 1024 */
> /* Allows binding to ATM VCIs below 32 */
>
> #define CAP_NET_BIND_SERVICE 10
>
> You do this with a setuid wrapper which drops all capabilities but
> that one and then runs your application.

Thx for the answer! That's exactly what I was searching for.

I will try to write such a program. It seems that sucap keeps all capabilities and drops none. Depending on the other capabilities, that could be a bad idea.

Thx
Sven
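The wrapper sketched in the quoted reply (a setuid-root program that keeps only CAP_NET_BIND_SERVICE, switches to the invoking user and then runs the real server) can be written as below. This is an added example, not code from the thread or from sucap; it assumes a current Linux kernel, because the capability has to be raised into the ambient set (Linux 4.3 and later) for it to survive execve() into an ordinary, non-setuid binary, something that did not exist in 2003. The function names are the example's own.

```c
/* capwrap: keep only one capability, drop root, then exec the target.
 * Build:   cc -O2 -o capwrap capwrap.c
 * Install: chown root:root capwrap && chmod 4755 capwrap   (setuid root)
 * Use:     ./capwrap ./myserver --port 80
 */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Fallbacks for older libc headers; these are the kernel's real values. */
#ifndef PR_CAP_AMBIENT
#define PR_CAP_AMBIENT 47
#define PR_CAP_AMBIENT_RAISE 2
#endif

/* The v3 capget/capset ABI stores the capability bits in two 32-bit words. */
int cap_word(int cap) { return cap / 32; }
unsigned int cap_mask(int cap) { return 1u << (cap % 32); }

/* Fill `data` so that only `keep` is set in the effective, permitted and
 * inheritable sets; every other bit is cleared. */
void build_sets(int keep, struct __user_cap_data_struct data[2]) {
    memset(data, 0, 2 * sizeof(*data));
    data[cap_word(keep)].effective = cap_mask(keep);
    data[cap_word(keep)].permitted = cap_mask(keep);
    data[cap_word(keep)].inheritable = cap_mask(keep);
}

/* Reduce this (setuid-root) process to a single capability and become `uid`/`gid`.
 * Returns 0 on success, -1 with errno set on failure. */
int restrict_to_cap(int keep, uid_t uid, gid_t gid) {
    struct __user_cap_header_struct hdr = { .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    struct __user_cap_data_struct data[2];

    /* 1. Shrink the bounding set so nothing but `keep` can ever be regained,
     *    even across a later setuid binary. Needs CAP_SETPCAP, which we still
     *    hold as root. EINVAL means the running kernel knows fewer caps than
     *    our headers do, which is harmless. */
    for (int c = 0; c <= CAP_LAST_CAP; c++) {
        if (c != keep && prctl(PR_CAPBSET_DROP, c, 0, 0, 0) == -1 && errno != EINVAL)
            return -1;
    }

    /* 2. By default setuid() away from root clears all capabilities;
     *    PR_SET_KEEPCAPS retains the permitted set across the uid change. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
        return -1;
    if (setgroups(0, NULL) == -1 || setgid(gid) == -1 || setuid(uid) == -1)
        return -1;

    /* 3. setuid() still emptied the effective set; install exactly the sets
     *    we want (only `keep`, which the kernel allows since it is permitted). */
    build_sets(keep, data);
    if (syscall(SYS_capset, &hdr, data) == -1)
        return -1;

    /* 4. A non-root process exec'ing a binary without file capabilities loses
     *    every cap unless it is in the ambient set, so raise `keep` there. */
    if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, keep, 0, 0) == -1)
        return -1;
    return 0;
}

int main(int argc, char **argv) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        return 2;
    }
    /* getuid()/getgid() are the real ids of whoever ran the setuid wrapper. */
    if (restrict_to_cap(CAP_NET_BIND_SERVICE, getuid(), getgid()) == -1) {
        perror("restrict_to_cap");
        return 1;
    }
    execvp(argv[1], &argv[1]);
    perror("execvp");
    return 1;
}
```

The order matters: the bounding set is cut while the process is still root (that step needs CAP_SETPCAP), and the ambient raise comes last because it requires the capability to already be in both the permitted and inheritable sets. The exec'd server can then bind port 80 as an ordinary user and, since nothing else survives the bounding-set drop, a compromise of it yields no other privilege. On kernels with file capabilities, the same result is reachable without any setuid code at all by running `setcap cap_net_bind_service=+ep ./myserver` on the server binary itself; the wrapper is mainly useful when the binary cannot be modified or lives on a filesystem without extended attributes.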
