begin quoting Andrew Lentvorski as of Tue, Feb 26, 2008 at 06:37:31PM -0800:
[snip]
> Sigh.
>
> So, when is Linux going to finally drop the stupid requirement that you
> need to be *root* to bind to a port less than 1024?
>
> Without that requirement, pretty much every root compromise disappears.

You can compile it out of the kernel, but I don't know what file to
tweak. One would hope it would be a /proc directive or somesuch at
least.

It would be better to check against group membership than for root
anyway.

Has *BSD gotten rid of that restriction?

How many ports does a system need, anyway? Can't we carve 'em up?

We need /dev/net/{port} where we can use the standard permissions
to inspect and control access. The only problem is with port ranges.
/dev/net/{port}-{port}/ ?
--
Anything that logs in a user
Would still need root access.
Stewart Stremler
--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
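
Added example, not part of the original message or written by its author: a small Python check of the two inputs that current Linux kernels consult before allowing a bind to a low port, the /proc sysctl net.ipv4.ip_unprivileged_port_start (Linux 4.11 and later) and the CAP_NET_BIND_SERVICE capability. Neither is named in the thread; the function names and the sample status text used to exercise them are constructed for illustration.

```python
import re
from pathlib import Path

CAP_NET_BIND_SERVICE = 10      # bit number from <linux/capability.h>
DEFAULT_UNPRIV_START = 1024    # assumed when the sysctl file is absent (older kernels)
SYSCTL = Path("/proc/sys/net/ipv4/ip_unprivileged_port_start")
STATUS = Path("/proc/self/status")

def parse_cap_eff(status_text):
    """Return the effective capability mask from /proc/<pid>/status text."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line in status text")
    return int(m.group(1), 16)

def parse_unpriv_start(sysctl_text):
    """Return the lowest port that needs no privilege (None = file missing)."""
    if sysctl_text is None:
        return DEFAULT_UNPRIV_START
    value = int(sysctl_text.strip())
    if not 0 <= value <= 65535:
        raise ValueError(f"sysctl value out of range: {value}")
    return value

def can_bind(port, cap_eff, unpriv_start):
    """Return (allowed, reason) for binding `port`.

    Simplification: the kernel evaluates the capability in the user namespace
    that owns the socket's network namespace; this uses the caller's CapEff.
    """
    if not 1 <= port <= 65535:
        raise ValueError(f"not a bindable port number: {port}")
    if port >= unpriv_start:
        return True, "port is at or above ip_unprivileged_port_start"
    if (cap_eff >> CAP_NET_BIND_SERVICE) & 1:
        return True, "process holds CAP_NET_BIND_SERVICE"
    return False, "privileged port and no CAP_NET_BIND_SERVICE"

def read_live():
    """Read both inputs for the current process from /proc."""
    sysctl_text = SYSCTL.read_text() if SYSCTL.exists() else None
    return parse_cap_eff(STATUS.read_text()), parse_unpriv_start(sysctl_text)

if __name__ == "__main__":
    cap_eff, start = read_live()
    print(f"ip_unprivileged_port_start={start} CapEff={cap_eff:#018x}")
    for port in (22, 80, 443, 8080):
        allowed, reason = can_bind(port, cap_eff, start)
        print(f"{port:>5}: {'allowed' if allowed else 'denied'} ({reason})")
```

Run as an ordinary user and again as root to see the answer change by capability, not by UID as such.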