On Tue, Nov 28, 2006, Ilya Konstantinov wrote about "Re: How to bind privileged ports in a non-root process?": > You might be able to leave some chosen capability with a non-root process > by: > 1. Starting as a root process. > 2. Eliminating all but the needed capabilities with capset(2) (or > whatever higher-level function there is -- they're undocumented on my > system) > 3. Making the system keep capabilities upon seteuid by calling > prctl(2) with PR_SET_KEEPCAPS. > 4. seteuid(2) and exec(3) your Java thing.
This is what I wanted to do, but from some online documentation I got the feeling that while this was *supposed* to work, it doesn't actually work on modern kernels because capabilities were never actually implemented or exec() resets them, or god knows what. Does anyone have any experience with this? What still drives me crazy, though, is why isn't there a sysctl (/proc/sys/..) which let me control the range of "privileged ports"? Privileged ports perhaps made sense for security on mainframe Unix (to prevent simple users from pretending to the outside world that they supply services for this machine), but they make little sense today - and in fact, can *hurt* security by encouraging people to run stuff as root. Any kernel hacker care to ask the powers that be to add a sysctl to disable this feature? -- Nadav Har'El | Tuesday, Nov 28 2006, 7 Kislev 5767 [EMAIL PROTECTED] |----------------------------------------- Phone +972-523-790466, ICQ 13349191 |We aim to please, you aim too, please. http://nadav.harel.org.il |(sign in a gas station men's room) ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
