Re: socket-based activation has unmaintainable security?
Russ Allbery writes ("Re: socket-based activation has unmaintainable security?"):
> For INN, quite some time ago, I wrote a setuid helper program that did
> nothing but bind the port for its parent process. I know there are a few
> other implementations of the same idea (I think Ian Jackson has a generic
> one that's packaged in Debian).
Yes, it's called "authbind" and it does seem to be that at least some
people use it as I occasionally get bug reports.
> It's not completely trivial, since you have to use two different
> techniques depending on whether the OS uses BSD-style sockets or
> STREAMS-style sockets (in BSD-style sockets you can bind in the child and
> the parent sees the results, but with STREAMS-style sockets you pass the
> file descriptor back to the parent),
Seriously ? Wow. authbind doesn't support that nonsense semantic
which you say STREAMS-based systems have.