Re: Is PROT_SOCK still relevant?

2015-12-21 Thread Jason Newton
/container to have a smaller footprint in the average case? Regards, Jason On Wed, Dec 16, 2015 at 9:52 AM, Jason Newton wrote: > How about changing how this mechanism works from a range of the lowest > N ports and instead have it as a user specifiable set? Towards more > proper

Re: Is PROT_SOCK still relevant?

2015-12-21 Thread Jason Newton
/container to have a smaller footprint in the average case? Regards, Jason On Wed, Dec 16, 2015 at 9:52 AM, Jason Newton <nev...@gmail.com> wrote: > How about changing how this mechanism works from a range of the lowest > N ports and instead have it as a user specifiable set? Towards m

Re: Is PROT_SOCK still relevant?

2015-12-16 Thread Jason Newton
container? How about a hash table? 2^16-1 uchar bool vector? In terms of setting/initializing - sysctl? -Jason On Mon, Dec 14, 2015 at 3:43 PM, Jason Newton wrote: > On Mon, Dec 14, 2015 at 2:39 PM, One Thousand Gnomes > wrote: >>> Perhaps lets consider this in another way if

Re: Is PROT_SOCK still relevant?

2015-12-16 Thread Jason Newton
container? How about a hash table? 2^16-1 uchar bool vector? In terms of setting/initializing - sysctl? -Jason On Mon, Dec 14, 2015 at 3:43 PM, Jason Newton <nev...@gmail.com> wrote: > On Mon, Dec 14, 2015 at 2:39 PM, One Thousand Gnomes > <gno...@lxorguk.ukuu.org.uk> wrote

Re: Is PROT_SOCK still relevant?

2015-12-14 Thread Jason Newton
On Mon, Dec 14, 2015 at 2:39 PM, One Thousand Gnomes wrote: >> Perhaps let's consider this in another way if it is strongly held that >> this is worthwhile in the default configuration: can it default off >> in the context of selinux / other security frameworks (preferably >> based on their

Re: Is PROT_SOCK still relevant?

2015-12-14 Thread Jason Newton
On Mon, Dec 14, 2015 at 10:25 AM, One Thousand Gnomes wrote: >> Is there disagreement on my views or points? > > Yes 8) > > You don't really want someone racing you to set up a fake ssh service on > your system to steal all the passwords do you ? > > Alan Hasn't been a problem yet, for me. I

Is PROT_SOCK still relevant?

2015-12-14 Thread Jason Newton
I've noted through the years difficulties in getting programs in Java or Python to work in Linux correctly when binding to a "privileged port", requiring various forms of hoop jumping (use of capabilities, iptables redirection, authbind, and the classic newbie mistake of running the program as root)

Re: Is PROT_SOCK still relevant?

2015-12-14 Thread Jason Newton
On Mon, Dec 14, 2015 at 10:25 AM, One Thousand Gnomes wrote: >> Is there disagreement on my views or points? > > Yes 8) > > You don't really want someone racing you to set up a fake ssh service on > your system to steal all the passwords do you ? > > Alan Hasn't been

Re: Is PROT_SOCK still relevant?

2015-12-14 Thread Jason Newton
On Mon, Dec 14, 2015 at 2:39 PM, One Thousand Gnomes wrote: >> Perhaps let's consider this in another way if it is strongly held that >> this is worthwhile in the default configuration: can it default off >> in the context of selinux / other security frameworks