
Re: socket-based activation has unmaintainable security?



On Thu, 7 Feb 2013, Thomas Goirand <zigo@debian.org> wrote:
> > I think he's referring to allowing processes which require listening to a
> > port under 1024 to run without superuser privileges. I believe our
> > implementation on Debian (e.g. Apache) is to have the process start as
> > root, start listening, and then setuid to an unprivileged user.
> 
> Which would be the wrong way of doing things / wrong reason
> for using root as running user, since you can set the
> CAP_NET_BIND_SERVICE capability... (man capabilities ...)

Such capabilities allow the process to bind to all low ports, which usually 
isn't what you desire.  If you want to permit a daemon to bind to exactly one 
reserved port and no others then it seems that the options are systemd (if the 
daemon supports socket-based activation) and SE Linux.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
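The arrangement Russell describes, where systemd binds the one reserved port itself and hands the already-listening socket to a daemon that runs as an unprivileged user with no capabilities at all, as an added example that is not code from this thread or from systemd: a minimal daemon implementing the sd_listen_fds(3) protocol (LISTEN_PID, LISTEN_FDS, first fd at 3). The unit file names, port 80, the user www-data and the fallback port are assumptions for illustration.

```python
"""Socket-activated daemon that never needs root or CAP_NET_BIND_SERVICE.

systemd binds the privileged port and passes the listening socket as fd 3;
the service runs as an unprivileged user and can bind nothing else below 1024.
Illustrative unit files (names and values assumed, not from the thread):

  # /etc/systemd/system/hello.socket
  [Socket]
  ListenStream=80          # the only reserved port the daemon ever receives
  [Install]
  WantedBy=sockets.target

  # /etc/systemd/system/hello.service
  [Service]
  User=www-data            # no root, no capabilities
  ExecStart=/usr/local/bin/hello-daemon.py
"""
import os
import socket
import sys

SD_LISTEN_FDS_START = 3  # first inherited fd, per sd_listen_fds(3)


def listen_fds(env=None, pid=None, fd_start=SD_LISTEN_FDS_START):
    """Return the fds passed by the activator, or [] when not activated.

    LISTEN_FDS is honoured only if LISTEN_PID names this process, so a stale
    value inherited from a parent (e.g. through a shell wrapper) is ignored.
    """
    env = os.environ if env is None else env
    pid = os.getpid() if pid is None else pid
    try:
        if int(env.get("LISTEN_PID", "")) != pid:
            return []
        count = int(env.get("LISTEN_FDS", "0"))
    except ValueError:
        return []
    if count <= 0:
        return []
    return list(range(fd_start, fd_start + count))


def listening_socket(env=None, pid=None, fd_start=SD_LISTEN_FDS_START,
                     fallback=("127.0.0.1", 8080)):
    """Return (socket, inherited).

    When activated, wrap the inherited fd and refuse anything other than
    exactly one stream socket; otherwise bind an unprivileged fallback port
    so the daemon can still be started by hand for testing.
    """
    fds = listen_fds(env, pid, fd_start)
    if len(fds) > 1:
        raise RuntimeError("expected exactly one socket, got %d" % len(fds))
    if fds:
        sock = socket.socket(fileno=fds[0])  # family/type detected from the fd
        if sock.type != socket.SOCK_STREAM:
            raise RuntimeError("inherited fd is not a stream socket")
        # systemd leaves the fd inheritable; do not leak it to children.
        os.set_inheritable(sock.fileno(), False)
        return sock, True
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(fallback)
    sock.listen(16)
    return sock, False


def serve_once(sock):
    """Accept one connection and answer it with a fixed HTTP/1.0 reply."""
    conn, _ = sock.accept()
    with conn:
        conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 2\r\n\r\nok")


if __name__ == "__main__":
    server, inherited = listening_socket()
    print("serving on %s (%s)" % (server.getsockname(),
                                  "inherited" if inherited else "self-bound"),
          file=sys.stderr)
    while True:
        serve_once(server)
```

Run under the socket unit the process is www-data from its first instruction and only ever sees the one socket systemd chose to give it; `setcap cap_net_bind_service=+ep` on the binary, by contrast, would let the same daemon bind any port below 1024.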

