Can the kernel be modified to allow users to open ports < 1024?
Hello,

Doubtless this information exists on the www but google isn't being friendly today.

I have a special situation where it would be *extremely* good if users could open their own ports < 1024. SMTP and pop3, at the very least - FTP would be good too.

I was thinking, surely there would be a way to patch the kernel to allow this sort of activity.

Has anyone ever heard of such a thing?

Any idea where I could find information about this short of bugging lkml (which I really don't want to do)?

Thanks!

--
Jonathan Wilson
System Administrator
Cedar Creek Software
http://www.cedarcreeksoftware.com

On Mon, 27 May 2002 12:39:41 -0500 JW wrote:
> I have a special situation where it would be *extremely* good if users could open their own ports < 1024. SMTP and pop3, at the very least - FTP would be good too.
> I was thinking, surely there would be a way to patch the kernel to allow this sort of activity.
> Has anyone ever heard of such a thing?
> Any idea where I could find information about this short of bugging lkml (which I really don't want to do)?

Why not allow users to run those services on higher ports? There is no rule that pop has to be on 110, for example. The users will just need to configure their client software to use another port.

On Monday 27 May 2002 02:02 pm, you wrote:
> On Mon, 27 May 2002 12:39:41 -0500
> JW (by way of JW) wrote:
>> I have a special situation where it would be *extremely* good if users could open their own ports < 1024. SMTP and pop3, at the very least - FTP would be good too.
> <snip>
> Why not allow users to run those services on higher ports? There is no rule that pop has to be on 110, for example. The users will just need to configure their client software to use another port.

In the pop3 example, yes -- but think of other things like SMTP. I don't see how you could get around that one. (Yes, I really do want users to run their own non-root smtp service in this case. No, I've not lost my mind, I'm just testing things....)

Thanks
JW

* JW;
> Hello,
> Doubtless this information exists on the www but google isn't being friendly today.

look for "capabilities"

> I have a special situation where it would be *extremely* good if users could open their own ports < 1024. SMTP and pop3, at the very least - FTP would be good too. I was thinking, surely there would be a way to patch the kernel to allow this sort of activity. Has anyone ever heard of such a thing?
> Any idea where I could find information about this short of bugging lkml (which I really don't want to do)?

It looks to me this is what you want http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/capfaq-...

Compartnet (Marc's IMO excellent tool) uses capabilities

HTH
--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx

* JW;
> On Monday 27 May 2002 02:03 pm, you wrote:
>> Compartnet (Marc's IMO excellent tool) uses capabilities
> Do you have a link for Compartnet? Neither google nor freshmeat turned it up.

I should get a habit of reading what I have typed before hitting "y". It should have been "compartment" by Marc Heuse. For SuSE 8.0 it is in /CD4/suse/ap4/compartm-1.0-286.i386.rpm

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
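
Added example, not part of the original thread: the Linux capability that governs binding ports below 1024 is CAP_NET_BIND_SERVICE (bit 10 in `<linux/capability.h>`). The C code below decodes the `CapEff` mask from `/proc/<pid>/status` text to audit whether a process may bind low ports and whether it holds nothing beyond that one capability; the function names and the sample status strings are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_NET_BIND_SERVICE_BIT 10 /* value from <linux/capability.h> */

/* Constructed /proc/<pid>/status excerpts (not captured from a real host). */
static const char SAMPLE_ROOT[] = "Name:\tsmtpd\nCapEff:\t000001ffffffffff\n";
static const char SAMPLE_USER[] = "Name:\tsmtpd\nCapEff:\t0000000000000000\n";
static const char SAMPLE_BIND_ONLY[] = "Name:\tsmtpd\nCapEff:\t0000000000000400\n";

/* Find "<field>:" at the start of a line and parse its hex mask. 0 on success. */
int cap_mask_from_status(const char *status, const char *field,
                         unsigned long long *mask)
{
    size_t flen = strlen(field);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            char *end;
            *mask = strtoull(line + flen + 1, &end, 16);
            return end == line + flen + 1 ? -1 : 0; /* -1: no hex digits */
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1; /* field not present */
}

/* 1 if the effective set allows binding ports < 1024, 0 if not, -1 on error. */
int can_bind_low_ports(const char *status)
{
    unsigned long long eff;
    if (cap_mask_from_status(status, "CapEff", &eff) != 0) return -1;
    return (int)((eff >> CAP_NET_BIND_SERVICE_BIT) & 1ULL);
}

/* 1 if CAP_NET_BIND_SERVICE is the only effective capability (least privilege). */
int holds_only_bind_service(const char *status)
{
    unsigned long long eff;
    if (cap_mask_from_status(status, "CapEff", &eff) != 0) return -1;
    return eff == (1ULL << CAP_NET_BIND_SERVICE_BIT);
}

int main(void)
{
    printf("root: %d  user: %d  bind-only: %d\n", can_bind_low_ports(SAMPLE_ROOT),
           can_bind_low_ports(SAMPLE_USER), holds_only_bind_service(SAMPLE_BIND_ONLY));
    return 0;
}
```

To audit a live process, pass the contents of its `/proc/<pid>/status` file to the same functions.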