Re: use of netconf to configure Unix systems



On Fri, Mar 17, 2006 at 10:12:19PM -0500, Phil Shafer wrote:
 
> Use of privileged port does not require code to be part of the
> kernel, just that it be root (uid 0) when the bind() call is made.
> Daemons can do their bind() and then setuid() to nobody to protect
> themselves from giving crackers root access.

Several modern Unix-like systems now support a more granular set of
capabilities so that the above is not quite correct. On those modern
systems, a process has to have the appropriate capabilities to bind a
privileged port.

/js

-- 
Juergen Schoenwaelder		    International University Bremen
<http://www.eecs.iu-bremen.de/>	    P.O. Box 750 561, 28725 Bremen, Germany
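
Added example, not part of the original message: a C check of the distinction drawn in the reply, assuming Linux as the capability-based system (the mail names none). It reads the effective capability mask from /proc/<pid>/status text and tests CAP_NET_BIND_SERVICE; the two status samples are constructed, and the helper names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_NET_BIND_SERVICE_BIT 10 /* Linux capability number; bit index in CapEff */

/* Constructed samples in /proc/<pid>/status layout (not captured from a real host). */
static const char ROOT_NO_CAPS[] = "Name:\tdaemon\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000000000\n";
static const char USER_WITH_CAP[] = "Name:\tdaemon\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000400\n";

/* Find "key:" at the start of a line and return its value, blanks skipped; NULL if absent. */
static const char *field(const char *status, const char *key)
{
    size_t klen = strlen(key);
    for (const char *p = status; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL) {
        if (strncmp(p, key, klen) != 0 || p[klen] != ':')
            continue;
        for (p += klen + 1; *p == ' ' || *p == '\t'; p++)
            ;
        return p;
    }
    return NULL;
}

/* Effective uid (second number on the Uid line), or -1 on parse error. */
long effective_uid(const char *status)
{
    unsigned ruid, euid;
    const char *v = field(status, "Uid");
    return (v && sscanf(v, "%u %u", &ruid, &euid) == 2) ? (long)euid : -1;
}

/* 1 if CapEff holds CAP_NET_BIND_SERVICE, 0 if it does not, -1 on parse error. */
int may_bind_privileged(const char *status)
{
    const char *v = field(status, "CapEff");
    if (!v || !isxdigit((unsigned char)*v))
        return -1; /* missing or empty field: report an error instead of guessing */
    return (int)((strtoull(v, NULL, 16) >> CAP_NET_BIND_SERVICE_BIT) & 1);
}

int main(void)
{
    printf("uid 0, empty CapEff:     may bind <1024? %d\n", may_bind_privileged(ROOT_NO_CAPS));
    printf("uid 1000, bind cap only: may bind <1024? %d\n", may_bind_privileged(USER_WITH_CAP));
    return 0;
}
```

The first sample is a uid 0 process whose effective set is empty and which therefore cannot bind a port below 1024; the second is an unprivileged uid that can, because it holds only the bind capability.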
