Re: Possibility to adjust the only-root-can-bind-to-port-under-1024 limit

2007-12-06 Thread Mikael Ståldal
Casey Schaufler wrote: How do you protect ports greater than 1024 from any user binding to them? E.g. port 1080. Should the OS manage port number allocations? I don't think so based on the notion of ports being names in an uncontrolled flat namespace. The whole problem is that people want to

Re: Possibility to adjust the only-root-can-bind-to-port-under-1024 limit

2007-11-30 Thread Mikael Ståldal
Phillip Susi wrote: Mikael Ståldal wrote: And how do you protect ports >1024 from any user binding to them? You prevent users from binding to those ports by only giving applications that need to the capability, and only letting the users that need to have execute permission to th

Re: Possibility to adjust the only-root-can-bind-to-port-under-1024 limit

2007-11-26 Thread Mikael Ståldal
Radoslaw Szkodzinski (AstralStorm) wrote: In Linux you have to be root in order to listen to TCP or UDP ports below 1024 (the well-known ports). As far as I know, this limit is hardcoded in the kernel. The proper way to enable port <= 1024 binding support is adding CAP_NET_BIND_SERVICE to >

Possibility to adjust the only-root-can-bind-to-port-under-1024 limit

2007-11-20 Thread Mikael Ståldal
In Linux you have to be root in order to listen to TCP or UDP ports below 1024 (the well-known ports). As far as I know, this limit is hardcoded in the kernel. In some cases, this limit does more harm than good, so it would be nice to be able to adjust it. FreeBSD has a pair of sysctl
