Re: TCP/IP bindings

Jeff Hansen (jeff@wipd.com)
Mon, 25 Aug 1997 22:41:33 -0700


A little update on this...

I am now able to block any user from being able to bind their shell
programs to IP addresses other than 0. I know the exact point of entry
in the kernel code where I would need to create some controlling code
(so that certain users can bind to certain IP addresses) but I have
never done anything with IPC or kernel<>process messaging. I would need
to set up a kernel table that would store all of the UIDs along with the
IP addresses they are able to bind to, but I need to know how I can
update the table via a normal process run by root. (I can create the
table hashing code in the kernel, and the program that would add entries
to the table, but I wouldn't know how to connect the two so that they
can talk to each other). Anyone had any experience in this and wants to
help out?

Jeff Hansen wrote:
>
> I have been messing with my kernel for a while to no avail so I might as
> well see if anyone else is having or has had this problem...
>
> I need to know if there is a way to restrict users' shell programs to
> only be able to use the IP addresses which they own. In other words,
> some users on my box are binding their shell programs to IP addresses
> that they don't own. I have many "lo" routing and arp entries that
> allow my box to use too many IP addresses. I just need to edit something in
> the kernel that will only allow certain users to bind their programs to
> certain IP addresses. I'm fairly certain this can be done because I
> know that there is a limit on the port number that users can bind their
> programs to (i.e. root can bind stuff to a port < 1000 but no one else
> can). Please let me know if anyone has done anything with this, because
> I believe it would be very useful when implemented.
>

-Jeff Hansen
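The per-UID bind policy sketched in the post, modelled in userspace as an added example (this is not Jeff's kernel code). The rule-file format, the table layout and the names `load_policy` and `bind_allowed` are assumptions; the check mirrors what the post wants at the kernel's bind entry point: root may bind anywhere, any user may bind to address 0, and every other (uid, address) pair must be in the table.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define MAX_RULES 64

/* One table entry: a UID and an IPv4 address (network byte order) it may bind to. */
struct bind_rule { uid_t uid; uint32_t addr; };
static struct bind_rule rules[MAX_RULES];
static int nrules;

/* Load a constructed policy text of "<uid> <ipv4>" lines (the part a root-run
 * program would feed into the kernel table). Returns the number of rules, or -1
 * if a line is malformed or the table is full. */
int load_policy(const char *text) {
    char buf[1024];
    nrules = 0;
    strncpy(buf, text, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *line = strtok(buf, "\n"); line; line = strtok(NULL, "\n")) {
        unsigned long uid;
        char ip[INET_ADDRSTRLEN];
        struct in_addr a;
        if (sscanf(line, "%lu %15s", &uid, ip) != 2 || inet_pton(AF_INET, ip, &a) != 1)
            return -1;
        if (nrules == MAX_RULES)
            return -1;
        rules[nrules].uid = (uid_t)uid;
        rules[nrules].addr = a.s_addr;
        nrules++;
    }
    return nrules;
}

/* The decision at bind(): 1 = allow, 0 = deny. An unparsable address is denied. */
int bind_allowed(uid_t uid, const char *ip) {
    struct in_addr a;
    if (inet_pton(AF_INET, ip, &a) != 1)
        return 0;
    if (uid == 0 || a.s_addr == htonl(INADDR_ANY))   /* root, or address 0 */
        return 1;
    for (int i = 0; i < nrules; i++)
        if (rules[i].uid == uid && rules[i].addr == a.s_addr)
            return 1;
    return 0;
}
```

The table here is a flat array rather than the hashed kernel table the post plans, since the point is the decision rule, not the lookup structure; on a current Linux kernel the same decision can be made in a cgroup bind hook whose map root updates from userspace.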