Re: socket-based activation has unmaintainable security?

To: debian-devel@lists.debian.org
Subject: Re: socket-based activation has unmaintainable security?
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 07 Feb 2013 13:52:31 +0100
Message-id: <[🔎] 87r4kscmls.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 51129451.3070206@debian.org> (Thomas Goirand's message of "Thu, 07 Feb 2013 01:35:13 +0800")
References: <20121114204711.GA9158@virgil.dodds.net> <[🔎] 5110DCEC.4010405@gmail.com> <[🔎] CAJusiZUjKP_nv96HNCmUFyNRUkyYW+1Y1JPtpCMC4hoTip3Yaw@mail.gmail.com> <[🔎] 20130206082757.GC24543@anguilla.debian.or.at> <[🔎] 51121C5A.6090203@debian.org> <[🔎] 51129451.3070206@debian.org>

* Thomas Goirand:

> Which would be the wrong way of doing things / wrong reason
> for using root as running user, since you can set the
> CAP_NET_BIND_SERVICE capability... (man capabilities ...)

This allows to bind to all lower ports, which in some cases is
equivalent to root privileges.  A more fine-grained mechanism is
needed.

Reply to:

References:
- socket-based activation has unmaintainable security?
  - From: Thomas Hood <jdthood@gmail.com>
- Re: socket-based activation has unmaintainable security?
  - From: Shawn <shawnlandden@gmail.com>
- Re: socket-based activation has unmaintainable security?
  - From: Martin Wuertele <maxx@debian.org>
- Re: socket-based activation has unmaintainable security?
  - From: Chow Loong Jin <hyperair@debian.org>
- Re: socket-based activation has unmaintainable security?
  - From: Thomas Goirand <zigo@debian.org>

Prev by Date: Re: socket-based activation has unmaintainable security?
Next by Date: Re: socket-based activation has unmaintainable security?
Previous by thread: Re: socket-based activation has unmaintainable security?
Next by thread: Bug#699830: ITP: python-pygame2 -- Python Multimedia Development Library
Index(es):
- Date
- Thread