Mailing List Archive



Re: [tlug] Unix's 40th Birthday



On 2009-08-22 14:54 +0900 (Sat), Stephen J. Turnbull wrote:

> Curt Sampson writes:
> 
>  > Speaking of security, is there some simple way to convince the linux
>  > kernel to let a non-root application bind to a port under 1024?
> 
> ISTR that somebody wrote a wrapper that would do basically what ssh
> does: start as a privileged user, acquire resources, then drop
> privileges and exec your process.

Yes, and many of the programs I use have this functionality built in,
but a) you need to trust it, and b) you need further configuration to
figure out what user you're supposed to become (which is, of course, a
further chance for error).

> I don't know how it passed the
> resources or if sockets would be one of the resources handled.

You can leave file handles open across forks.

> Doesn't inetd do something like that?

Hmm...that's a thought, actually; I'd forgotten that inetd can pass a
socket to a process and the process can listen for new connections.
Though that's still more external configuration, since you now have to
update the inetd.conf when you want to take the server down.

cjs
-- 
Curt Sampson       <cjs@example.com>        +81 90 7737 2974
           Functional programming in all senses of the word:
                   http://www.starling-software.com
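
The wrapper pattern discussed in this message (bind while privileged, drop privileges, then exec the server with the socket left open, as inetd does), as an added example that is not part of the original post. The names `bind_listener`, `drop_privileges`, `launch` and `DEMO_SERVER` are hypothetical, and the uid/gid 65534 ("nobody") and port 8080 are assumptions.

```python
import os
import socket
import sys

def bind_listener(port, host="127.0.0.1"):
    """Bind and listen; a port below 1024 needs root (or CAP_NET_BIND_SERVICE)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port))
    s.listen(16)
    return s

def drop_privileges(uid, gid):
    """Permanently become uid/gid. Returns False when there is nothing to drop."""
    if os.geteuid() != 0:
        return False
    if uid == 0 or gid == 0:
        raise ValueError("refusing to 'drop' to root")
    os.setgroups([])   # supplementary groups first, while still root
    os.setgid(gid)     # group before user: setgid fails once the uid is unprivileged
    os.setuid(uid)     # as root this sets the real, effective and saved uid
    try:
        os.setuid(0)   # must fail now, otherwise the drop was not permanent
    except PermissionError:
        return True
    raise RuntimeError("still able to regain root")

def launch(port, argv, run_as=None):
    """Fork; the child gets the listener as fd 0, drops privileges, execs argv."""
    listener = bind_listener(port)
    bound_port = listener.getsockname()[1]
    pid = os.fork()
    if pid == 0:
        try:
            os.dup2(listener.fileno(), 0)   # dup2 leaves fd 0 inheritable across exec
            if run_as is not None:
                drop_privileges(*run_as)
            os.execvp(argv[0], argv)
        finally:
            os._exit(127)                   # reached only if something above failed
    listener.close()                        # parent's copy; the child keeps its own
    return pid, bound_port

# Constructed stand-in for the real server: accepts one connection on inherited fd 0.
DEMO_SERVER = [sys.executable, "-c",
    "import os,socket; s=socket.socket(socket.AF_INET,socket.SOCK_STREAM,fileno=0);"
    "c,_=s.accept(); c.sendall(b'uid=%d' % os.getuid()); c.close()"]

if __name__ == "__main__":
    pid, port = launch(8080, DEMO_SERVER, run_as=(65534, 65534))  # assumed: nobody
    print("server pid", pid, "listening on", port)
```

Python marks new descriptors close-on-exec by default, so the listener survives the exec only because `os.dup2` places an inheritable copy on fd 0; the server itself never runs as root and never needs to know which port it was given.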

