Re: Got root?
On Tue, May 01, 2001 at 05:48:54AM -0400, Andres Salomon wrote:
> Perhaps I'm misunderstanding your proposition, but how is this different
> than, say, having inetd listen on ports below 1024, and then
> forking/changing to a different user once a connection is made to the port?
To use inetd, a new process is spawned for each connection, and the
daemon has to be written to use identd. With his, it's just like
opening on a port above 1024.
Although my personal opinion is that it should be controlled via
user/group, not binary. e.g., your webserver user can open port 80.
> On Sun, Apr 29, 2001 at 07:19:06AM -0400, Sunny Dubey wrote:
> > It would be like having a file called /etc/acl.ports (or something) and
> > within the file, would be a list which binaries are allowed to bind to what
> > ports. (an example is provided below)
> > # /etc/acl.ports
> > # Port Numbers binary
> > 80 /usr/local/apache/bin/httpd
> > 22 /usr/local/openssh/sshd
> > 21 /usr/local/anonftpd/ftpd
Adam Olsen, aka Rhamphoryncus
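
The /etc/acl.ports format quoted above, modeled as a bind-permission check. This is an added example, not code from the thread or from any kernel patch; the decision rules (root always allowed, ports of 1024 and above unrestricted, paths compared after lexical normalization) and the function names are assumptions made for illustration.

```python
import posixpath

PRIVILEGED_MAX = 1023  # ports below 1024 traditionally require root

# Constructed sample: the example file quoted in the thread.
SAMPLE_ACL = """\
# /etc/acl.ports
# Port Numbers binary
80 /usr/local/apache/bin/httpd
22 /usr/local/openssh/sshd
21 /usr/local/anonftpd/ftpd
"""

def parse_acl(text):
    """Return {port: {normalized absolute binary paths}}; reject bad lines."""
    acl = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split(None, 1)
        if len(fields) != 2 or not fields[0].isdigit():
            raise ValueError(f"line {lineno}: expected '<port> <binary>'")
        port, path = int(fields[0]), fields[1].strip()
        if not 1 <= port <= 65535:
            raise ValueError(f"line {lineno}: port out of range")
        if not posixpath.isabs(path):
            # A relative entry would match whatever the caller's cwd makes of it.
            raise ValueError(f"line {lineno}: binary path must be absolute")
        acl.setdefault(port, set()).add(posixpath.normpath(path))
    return acl

def may_bind(acl, port, binary, euid):
    """Assumed policy: fail closed for privileged ports not listed for this binary."""
    if port > PRIVILEGED_MAX or euid == 0:
        return True
    if not posixpath.isabs(binary):
        return False
    # Lexical comparison only: real enforcement would have to identify the
    # executable itself (e.g. by inode), since a path string can be a symlink.
    return posixpath.normpath(binary) in acl.get(port, set())
```

The user/group variant suggested in the reply would replace the binary column with a uid or gid and compare it against the caller's credentials instead of a path.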