On Tue, Jul 17, 2001 at 07:53:06PM -0400, jmjonesat_private wrote:

> This is not a Linux thang though, it's an Internet (RFC/STD) thing, if I
> remember correctly.

I am pretty sure it is POSIX or convention only. For instance, Win* doesn't have this restriction on ports bindable to user programs -- right? (It has been a long time since I have used a windows machine in any real fashion -- web browsing on a friend's computer is about it these days. :)

> It may be possible to open ports other than 0-1023 for "system" access in
> linux, but they probably aren't going to ever become "universal".

Huh? You lost me here. :) NT has a SYSTEM account, and various code occasionally runs as SYSTEM. Linux and its friends have root, but root isn't really "system". "system" under Linux and friends sounds like "kernel threads" to me -- and it is currently possible for any CAP_NET_BIND_SERVICE process to open low ports, not just kernel threads. What do you mean by "system"? Define this, and then we get back to useful conversations, albeit off-topic. :)

> Many weeks ago, somebody suggested creating port structures in /proc/
> that reflected the specific ports being opened and their permissions.
> This is one way to handle this within the pre-existent paradigm that I
> like, but not enough to "bid on".

The /proc system is entirely for interaction with user space, and such interaction is probably best left to module authors. (Though if several module authors suggest that such a mechanism is useful to them, we may be able to put the network /proc stuff suggested into the general LSM kernel.)

Cheers! :)
This archive was generated by hypermail 2b30 : Tue Jul 17 2001 - 18:06:24 PDT