
Bug#427605: ITP: privbind -- Allow unprivileged apps to bind to a privileged port



martin f krafft wrote:
> How? Could you include a short note on how it does this "magic" in
> the description please?
I'll do (arguably) better. I'll link to a not so short description at
http://privbind.svn.sourceforge.net/viewvc/privbind/trunk/README?view=markup

In a nutshell, privbind uses a 100% user space approach that does not
rely on SUID executables or on global configs (unlike authbind).
Instead, a root process runs privbind, which drops privileges and runs
the actual program. Privbind does leave a root process behind, and wraps
the program run with an LD_PRELOAD library that intercepts the "bind"
call, and forwards its file descriptor through an open UNIX domain
socket to the root process, which carries out the actual bind.

Shachar
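
The descriptor hand-off described in the message above, as an added example that is not part of the original mail and is not privbind's own code: a socket is passed over a UNIX domain socket as `SCM_RIGHTS` ancillary data, the receiving side calls `bind` on its copy, and the sender's original socket ends up bound. The function names and the single-process layout are assumptions for illustration; it binds port 0 so it runs without root, whereas the real helper would keep root and bind the privileged port.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Control buffer sized and aligned for exactly one descriptor. */
union fdctl { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; };

/* Preload side: pass fd over UNIX socket chan as SCM_RIGHTS ancillary data. */
static int send_fd(int chan, int fd) {
    char byte = 'B';                      /* at least one data byte must travel */
    union fdctl ctl = { .buf = {0} };
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Helper side: receive one descriptor, or -1 if none was attached. */
static int recv_fd(int chan) {
    char byte; int fd = -1;
    union fdctl ctl;
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    if (recvmsg(chan, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Both roles in one process: returns the port the caller's socket got, or -1. */
int demo_bound_port(void) {
    int chan[2], s = socket(AF_INET, SOCK_STREAM, 0), fd = -1, ok;
    struct sockaddr_in want = { .sin_family = AF_INET }, got; /* port 0: no root needed */
    socklen_t len = sizeof(got);
    if (s < 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, chan) < 0) return -1;
    ok = send_fd(chan[0], s) == 0 && (fd = recv_fd(chan[1])) >= 0   /* hand over */
         && bind(fd, (struct sockaddr *)&want, sizeof(want)) == 0   /* helper binds */
         && getsockname(s, (struct sockaddr *)&got, &len) == 0;     /* caller sees it */
    close(chan[0]); close(chan[1]); close(s); if (fd >= 0) close(fd);
    return ok ? ntohs(got.sin_port) : -1;
}
int main(void) { return demo_bound_port() > 0 ? 0 : 1; }
```

The received descriptor refers to the same open socket as the sender's, which is why a `bind` performed by the privileged side takes effect for the unprivileged program.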


