On 14 November 2012 02:39, Markus Gebert <markus.geb...@hostpoint.ch> wrote: > > On 14.11.2012, at 02:12, Adrian Chadd <adr...@freebsd.org> wrote: > > Oh lordie, just hack the kernel to make IP_BINDANY usable by any uid, > not just root. > > I was hoping that capabilitiies would actually be useful these days, > but apparently not. :( > > Then you can stop this FD exchange nonsense and this problem should go away. > :) > > > Thanks for the suggestion, I'll probably do that regardless of a fix to the > unp_gc problem, because it's indeed unnecessary overhead in our scenario. > Still that's a workaround you most probably don't want if you have untrusted > users on the system or you end up hacking in something comparable to > security.mac.seeotheruids.specificgid.
Yeah. I was hoping that capabilities would be settable from userland these days. I remember talking with Robert (CC'ed) about this when Julian/I threw this into FreeBSD. He wanted me to put it behind a capability (which I did) but there was no way for userland to grant a process this capability. Robert - is there any way these days to grant capabilities to userland processes? Adrian _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
