On 16/02/07, Tzahi Fadida <[EMAIL PROTECTED]> wrote:
> Is there an added value in contrast to just using a simple server that accepts on low ports but bounces the packets to a low privileged port?

Examples:

1. A daemon for which you don't have the source and which you can't configure to use a non-privileged port (I think that was the issue that started the thread that made Shachar start this little project).
2. Daemons which bind dynamically to privileged ports along their lifetime (e.g. daemons which advertise their RPC port through RPC mapper, or other daemons).
3. Daemons which send/receive port numbers on their protocol, requiring the proxy to understand the application-level protocol (e.g. FTP, various VoIP protocols)

> Also, again out of curiosity :), is there a way to wrap the daemon without forking and replacing the bind call with a customized bind with more detailed security preferences. Another method perhaps, is to insert a module into the kernel which decorates bind with the capability to identify a process (for example using sysfs or something) to have a free hand with binding.

You mean, like LSM (http://en.wikipedia.org/wiki/Linux_Security_Modules), or its more famous user - SE Linux?

--Amos
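
Point 3 of the list above, as an added example that is not part of the original message or of the project discussed: a forwarder in front of an FTP daemon has to parse and rewrite the host/port field of `PORT` commands and `227` replies, otherwise the peer is told the daemon's own port. The function names, `port_map` and the addresses are assumptions made for this sketch.

```python
import re

# Six comma-separated numbers h1,h2,h3,h4,p1,p2 (RFC 959), as carried in a
# PORT command or a 227 (passive mode) reply.
_HOSTPORT = re.compile(
    rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line: bytes):
    """Return (ip, port) advertised in a PORT command or 227 reply, else None."""
    if not (line.upper().startswith(b"PORT ") or line.startswith(b"227 ")):
        return None
    m = _HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed field: not a valid endpoint
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]


def rewrite_line(line: bytes, proxy_ip: str, port_map: dict) -> bytes:
    """Replace the advertised endpoint with the proxy's address and port.

    port_map (hypothetical) maps a port the daemon really uses to the port
    the proxy listens on for it. Lines naming an unmapped port pass through
    unchanged, which is what a protocol-blind forwarder does to every line.
    """
    parsed = parse_hostport(line)
    if parsed is None or parsed[1] not in port_map:
        return line
    new_port = port_map[parsed[1]]
    field = "{},{},{}".format(
        proxy_ip.replace(".", ","), new_port >> 8, new_port & 0xFF)
    return _HOSTPORT.sub(field.encode(), line, count=1)


# Constructed sample: daemon at 10.0.0.5 advertises port 50000 (195*256 + 80).
SAMPLE = b"227 Entering Passive Mode (10,0,0,5,195,80).\r\n"

if __name__ == "__main__":
    print(parse_hostport(SAMPLE))
    print(rewrite_line(SAMPLE, "192.0.2.1", {50000: 2021}))
```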
