Re: setting access rights to priviledged ports

David Lang (dlang@diginsite.com)
Thu, 15 Oct 1998 12:07:48 -0700 (PDT)

-----BEGIN PGP SIGNED MESSAGE-----

Linux has this with the ipfwadm transparent proxy capability (I assume
that ipchains has similar support as well) the line is similar to the one
below

ipfwadm -I -a accept -r 10025 -p tcp -S 0.0.0.0/0 -D (youtIP)/32 25

set sendmail to use port 10025 and you are done.

David Lang

On Wed, 14 Oct 1998, Anthony Barbachan wrote:

> Date: Wed, 14 Oct 1998 21:01:02 -0400
> From: Anthony Barbachan <barbacha@Hinako.AMBusiness.com>
> To: Stefan Monnier
<monnier+lists/linux/kernel/news/@TEQUILA.SYSTEMSZ.CS.YALE.EDU>,
Adam Sulmicki <adam@cfar.umd.edu>
> Cc: linux-kernel@vger.rutgers.edu, adam@cfar.umd.edu
> Subject: Re: setting access rights to priviledged ports
>
> An alternative is to write a small socket redirecting program to redirect
> traffic from one port to another. This is doable as I have done it myself
> to not only work locally but also to a completely different machine. This
> program could be installed on socket 25 and have it redirect requests to a
> user process available port where you could install your suided sendmail
> program.
>
> -----Original Message-----
> From: Adam Sulmicki <adam@cfar.umd.edu>
> To: Stefan Monnier
> <monnier+lists/linux/kernel/news/@TEQUILA.SYSTEMSZ.CS.YALE.EDU>
> Cc: linux-kernel@vger.rutgers.edu <linux-kernel@vger.rutgers.edu>;
> adam@cfar.umd.edu <adam@cfar.umd.edu>
> Date: Wednesday, October 14, 1998 10:08 AM
> Subject: Re: setting access rights to priviledged ports
>
>
> >Stefan Monnier writes:
> >->
> >->I seem to remember people working on a "thingie" that would allow
> >->the sysadm to say that port 25 can be opened by user 'mail' so that
> >->sendmail can be made setuid-mail (and so on for news, dns, ...)
> >->
> >->Does such a thing exist ?
> >
> >The thing closest to it which is actually in linux kernel (2.1.x)
> >is "Capabilties". But it is not a fine grained as you ask. It would let
> >you give privilage to 'access ports'
> >
> >IIRC.
> >The thing you talk about was 'chown port' patch, which used to
> >map ports onto filesystem and use chown to change them at will.
> >I did not made into kernel
> >
> >Adam
> >
> >-
> >To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> >the body of a message to majordomo@vger.rutgers.edu
> >Please read the FAQ at http://www.tux.org/lkml/
> >
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
>

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQEVAwUBNiZIBj7msCGEppcbAQG7Uwf/XYt497sXzHzUhxOq0L1acppV3JZr9cRi
/N+DaA0+loiBGHfh8aCkt3g1GWC3ZhX2bbyO/Mopf3CBEH1ero8LY7t4UZpS7TUn
pOdgDyQXE2iZ+YTor2P3J6Un0RvkJGztY7f/6k7LOuwR+5XZUU6PFcS72Xghqkws
aqMsaqxZC0UMYzK88CLrT0CZjGGISgDlUCE8eZ28IBdpMBjog0sWNWAe0MZMwY+p
8vvg7LRXd8jKhX5UZA1f5zM156tu8Ie+BoqBb28zMQermKG+NTfHL+GOg0G6ajJw
E+60v7D+CPwVUf3AnFoUmjVG41Lgp2xGwFdaxVGZDufRUXZ7Lt/x3g==
=6ySM
-----END PGP SIGNATURE-----

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/