Casey Schaufler wrote:
How do you protect ports greater than 1024 from any user binding to them?
E.g. port 1080.
Should the OS manage port number allocations? I don't think so
based on the notion of ports being names in an uncontrolled flat
namespace. The whole problem is that people want to
Phillip Susi wrote:
Mikael Ståldal wrote:
And how do you protect ports >1024 from any user binding to them?
You prevent users from binding to those ports by only giving
applications that need to the capability, and only letting the users
that need to have execute permission to those
Phillip Susi wrote:
Mikael Ståldal wrote:
And how do you protect ports >1024 from any user binding to them?
You prevent users from binding to those ports by only giving
applications that need to the capability, and only letting the users
that need to have execute permission to those
Mikael Ståldal wrote:
And how do you protect ports >1024 from any user binding to them?
Isn't the 1024 limit somewhat obsolete and arbitrary today?
No, it is not obsolete, yes, it always was arbitrary.
You prevent users from binding to those ports by only giving
applications that need to
Mikael Ståldal wrote:
And how do you protect ports >1024 from any user binding to them?
Isn't the 1024 limit somewhat obsolete and arbitrary today?
No, it is not obsolete, yes, it always was arbitrary.
You prevent users from binding to those ports by only giving
applications that need to the
Radoslaw Szkodzinski (AstralStorm) wrote:
In Linux you have to be root in order to listen to TCP or UDP ports below 1024 (the
well-known ports). As far as I know, this limit is hardcoded in the kernel.
The proper way to enable port <= 1024 binding support is adding CAP_NET_BIND_SERVICE to
Radoslaw Szkodzinski (AstralStorm) wrote:
In Linux you have to be root in order to listen to TCP or UDP ports below 1024 (the
well-known ports). As far as I know, this limit is hardcoded in the kernel.
The proper way to enable port <= 1024 binding support is adding CAP_NET_BIND_SERVICE to
On Tue, 20 Nov 2007 17:09:35 +0100
Mikael Ståldal <[EMAIL PROTECTED]> wrote:
> Hello.
>
> > The proper way to enable port <= 1024 binding support is adding
> > CAP_NET_BIND_SERVICE
> > to the process capability set, e.g. by using file-system capabilities.
>
> Is file-system capabilities part
On Tue, 20 Nov 2007 11:14:59 +0100
Mikael Ståldal <[EMAIL PROTECTED]> wrote:
> In Linux you have to be root in order to listen to TCP or UDP ports below
> 1024 (the
> well-known ports). As far as I know, this limit is hardcoded in the kernel.
>
> In some cases, this limit does more harm than
In Linux you have to be root in order to listen to TCP or UDP ports below 1024 (the
well-known ports). As far as I know, this limit is hardcoded in the kernel.
In some cases, this limit does more harm than good, so it would be nice to be
able to adjust it.
FreeBSD has a pair of sysctl
On Tue, 20 Nov 2007 11:14:59 +0100
Mikael Ståldal <[EMAIL PROTECTED]> wrote:
In Linux you have to be root in order to listen to TCP or UDP ports below
1024 (the
well-known ports). As far as I know, this limit is hardcoded in the kernel.
In some cases, this limit does more harm than good, so
On Tue, 20 Nov 2007 17:09:35 +0100
Mikael Ståldal <[EMAIL PROTECTED]> wrote:
Hello.
The proper way to enable port <= 1024 binding support is adding
CAP_NET_BIND_SERVICE
to the process capability set, e.g. by using file-system capabilities.
Is file-system capabilities part of the stable
14 matches