SH> Sorry, I think we've discussed this before but can't recall - does
SH> setting sport here allow an unpriv user to bypass
SH> CAP_NET_BIND_SERVICE?

Yes, it does. I was kinda considering that part of the input sanity checking that I officially punted on. However, as far as I know, we'll just need to check that capability before we bind() in the listen/closed case and hash in the connected case.

--
Dan Smith
IBM Linux Technology Center
