[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: socket-based activation has unmaintainable security?

* Thomas Goirand:

> Which would be the wrong way of doing things / wrong reason
> for using root as running user, since you can set the
> CAP_NET_BIND_SERVICE capability... (man capabilities ...)

This allows to bind to all lower ports, which in some cases is
equivalent to root privileges.  A more fine-grained mechanism is

Reply to: