[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Got root?

On Tue, May 01, 2001 at 12:11:30AM +0000, Jim Breton wrote:
> On Sun, Apr 29, 2001 at 07:19:06AM -0400, Sunny Dubey wrote:
> > I know that UNIX does it so that normal users can't seem like legit and 
> > important services, but there surely must be some better way of delegating a 
> > port below 1024 to a deamon.
> If you have a need to do this now and don't want to play with kernel
> caps then you might try the "authbind" package.  I have used it before
> and it works!
> Package: authbind
> Description: Allows non-root programs to bind() to low ports
>  This package allows a package to be started as non-root but
>  still bind to low ports, without any changes to the application.

Since there IS a way to do what he wanted, what would it take to make
it used by default?  I'm sure everybody running BIND would feel alot
safer if it never ran as root, and such a practice would probably earn
Debian as a whole a few points for security.

And if spontaneously making authbind required for various packages
doesn't appeal, it could be done with making it only used if it
exists, and just put it in a Recomends line.

Adam Olsen, aka Rhamphoryncus

Reply to: