Is there any added value compared with just using a simple server that accepts on low ports but bounces the packets to a low privileged port? Also, again out of curiosity :), is there a way to wrap the daemon without forking, replacing the bind call with a customized bind that has more detailed security preferences? Another method, perhaps, is to insert a module into the kernel which decorates bind with the capability to identify a process (for example using sysfs or something) that should have a free hand with binding.

On Friday 16 February 2007 12:49, Shachar Shemesh wrote:
> Tzahi Fadida wrote:
> > On Friday 16 February 2007 03:07, you wrote:
> >> Hi,
> >>
> >> I'm trying to help complete Shachar Shemesh' privbind project (
> >> http://sourceforge.net/projects/privbind) and it mostly works except
> >> that
> >
> > Just from curiosity, what does it mean privileged socket? why are they
> > privileged for internal use.
> > IIRC for tcp the ports under 1024 are protected to be listened
> > by non-root users (I think)? is that it?
>
> Yes.
>
> The unix domain sockets are merely used to pass the TCP/UDP sockets' FD
> between non-privileged daemon and privileged "privbind" so that the
> latter can bind them to the low port for the former.
>
> > In addition, what would be a typical application of privbind?
>
> Running a daemon that requires binding to a low port, but requires no
> other privileged permission.
>
> > 10x.
>
> Shachar

--
Regards,
        Tzahi.
--
Tzahi Fadida
Blog: http://tzahi.blogsite.org | Home Site: http://tzahi.webhop.info
WARNING TO SPAMMERS: see at http://members.lycos.co.uk/my2nis/spamwarning.html
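
The hand-off described in the quoted reply (a Unix domain socket carrying the daemon's TCP socket descriptor to a helper that performs the bind), shown as an added example that is not part of this thread and is not privbind's own code. The names `xfer_fd` and `bind_via_helper` are hypothetical, the helper binds port 0 instead of a port below 1024 so the sketch runs without root, and it reports success through its exit status, which is an assumption of this sketch.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Send fd (fd >= 0) or receive one (fd < 0) over a Unix socket with SCM_RIGHTS. */
static int xfer_fd(int chan, int fd) {
    char byte = 'F';
    union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { 0 };
    memset(&u, 0, sizeof u);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = u.buf; msg.msg_controllen = sizeof u.buf;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (fd >= 0) {  /* sender: attach the descriptor as ancillary data */
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof fd);
        memcpy(CMSG_DATA(c), &fd, sizeof fd);
        return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
    }
    if (recvmsg(chan, &msg, 0) != 1) return -1;
    c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Returns the port the daemon's own socket ends up bound to, or -1 on failure. */
int bind_via_helper(void) {
    int sv[2], st = 0;
    pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {  /* helper: the only process that calls bind() */
        struct sockaddr_in a = { .sin_family = AF_INET };  /* port 0: stand-in for a low port */
        int s = xfer_fd(sv[0], -1);
        _exit(s >= 0 && bind(s, (struct sockaddr *)&a, sizeof a) == 0 ? 0 : 1);
    }
    int s = socket(AF_INET, SOCK_STREAM, 0);  /* daemon: unprivileged, never calls bind() */
    struct sockaddr_in b; socklen_t len = sizeof b;
    if (s < 0 || xfer_fd(sv[1], s) < 0) return -1;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) != 0) return -1;
    if (getsockname(s, (struct sockaddr *)&b, &len) < 0) return -1;
    close(s); close(sv[0]); close(sv[1]);
    return ntohs(b.sin_port);
}

int main(void) { printf("daemon socket bound to port %d\n", bind_via_helper()); return 0; }
```

The received descriptor refers to the same kernel socket as the daemon's, which is why the helper's bind shows up in the daemon's `getsockname()` result.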