Re: use of netconf to configure Unix systems
On Fri, Mar 17, 2006 at 10:12:19PM -0500, Phil Shafer wrote:
> Use of privileged port does not require code to be part of the
> kernel, just that it be root (uid 0) when the bind() call is made.
> Daemons can do their bind() and then setuid() to nobody to protect
> themselves from giving crackers root access.
Several modern Unix-like systems now support a more granular set of
capabilities so that the above is not quite correct. On those modern
systems, a process has to have the appropriate capabilities to bind a
privileged port.
/js
--
Juergen Schoenwaelder International University Bremen
<http://www.eecs.iu-bremen.de/> P.O. Box 750 561, 28725 Bremen, Germany
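An added example, not part of either message: the bind()-then-setuid() pattern from the quoted text, next to a check that decides from the process's effective capability mask rather than from uid 0. It assumes Linux (the `CapEff:` line of `/proc/<pid>/status` and bit 10 for CAP_NET_BIND_SERVICE); the function names are hypothetical.

```c
#define _GNU_SOURCE /* for setgroups() */
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_BIND_SERVICE_BIT 10 /* from Linux <linux/capability.h> */

/* 1 if the CapEff mask in /proc/<pid>/status text includes
 * CAP_NET_BIND_SERVICE, 0 if it does not, -1 if there is no CapEff line. */
int status_allows_low_ports(const char *status)
{
    const char *p = strstr(status, "CapEff:");
    unsigned long long mask;
    if (p == NULL || sscanf(p + 7, "%llx", &mask) != 1)
        return -1;
    return (int)((mask >> CAP_NET_BIND_SERVICE_BIT) & 1ULL);
}

/* Bind a loopback TCP port, then give up root for good. Returns fd or -1. */
int bind_then_drop(unsigned short port, uid_t uid, gid_t gid)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0)
        goto fail;
    if (geteuid() == 0) {
        /* Order matters: groups, then gid, then uid. Check every call. */
        if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
            goto fail;
        if (setuid(0) == 0) /* regaining root must now be impossible */
            goto fail;
    }
    return fd;
fail:
    close(fd);
    return -1;
}
```

A process that holds only CAP_NET_BIND_SERVICE and is not uid 0 skips the drop branch, since it has no root identity to give up.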
--
archive: <http://ops.ietf.org/lists/netconf/>