On Thu, 4 Jul 2002, Blue Boar wrote:

> Is there any point in needing to be root in order to allocate the low ports
> on unix-like systems, anymore?

As long as you keep the old privilege model, of course. You don't want
your users to bind port 25 when Sendmail goes down for a short while
(actually, you can induce it pretty easily in certain configurations).

> Could some sort of port ACL simply be used that says a particular UID
> can allocate a particular range of ports?

It would be desired for all Unix systems to have an extensive ACL system
enabled by default (not something like Linux capabilities), but I doubt
it'll happen any time soon.

--
_____________________________________________________
Michal Zalewski [lcamtufat_private] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
http://lcamtuf.coredump.cx/photo/

This archive was generated by hypermail 2b30 : Thu Jul 04 2002 - 10:58:21 PDT