On 2002-01-14 at 12:20 +0100, Tamas TEVESZ wrote:
> i'm not really following the thread, but am i on a very wrong path
> when i think this doesn't much make sense with the emerging of such
> techniques as capabilities on linux ? (i think there have been
Why?
> something like this on freebsd for quite some time). employing
> capabilities, the administrator can grant certain processes/users the
> privilege to bind to privileged ports even when the process is not
> running as root. this just makes me think that making a distinction
> based on "user is root and port is privileged" is a false path, at
> least in this particular case. no ?
The _administrator_ has to grant that privilege.
So if a process is listening on a port < 1024, then the administrator
was involved in setting it up. It might be inetd, it might be
tcpserver, it doesn't matter.
An administrator was involved.
If an admin grants an untrusted user the ability to bind any port, and
they screw up their config, then you're entering the "can't make it
damn-fool-proof" territory of product design.
--
It is so easy to miss pretty trivial solutions to problems deemed complicated.
The goal of a scientist is to find an interesting problem, and live off it for
a while. The goal of an engineer is to evade interesting problems.
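
An added example, not part of the original message: on Linux the privilege discussed in this exchange is CAP_NET_BIND_SERVICE, and the code below reads the effective capability mask from /proc/<pid>/status text to tell whether a process may bind ports < 1024 because it is root or because an administrator granted it the capability. The process names and status excerpts are constructed samples.

```python
# Added example: classify how a Linux process holds the right to bind ports < 1024.
CAP_NET_BIND_SERVICE = 10  # bit number defined in <linux/capability.h>


def parse_status(text):
    """Extract name, effective uid and CapEff mask from /proc/<pid>/status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "name": fields["Name"],
        # The Uid line holds: real, effective, saved, filesystem.
        "euid": int(fields["Uid"].split()[1]),
        "cap_eff": int(fields["CapEff"], 16),
    }


def bind_privilege(status_text):
    """Return 'root', 'capability-grant' or 'none' for one process."""
    proc = parse_status(status_text)
    has_cap = bool((proc["cap_eff"] >> CAP_NET_BIND_SERVICE) & 1)
    if not has_cap:
        # Also covers a uid-0 process that has dropped its capabilities.
        return "none"
    return "root" if proc["euid"] == 0 else "capability-grant"


# Constructed /proc/<pid>/status excerpts (not taken from a real system).
SAMPLES = {
    "inetd": "Name:\tinetd\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n",
    "webd": "Name:\twebd\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000400\n",
    "shell": "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n",
    "jailed": "Name:\tjailed\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000000000\n",
}


def audit(samples):
    """Map each sample name to the way it holds the bind privilege."""
    return {name: bind_privilege(text) for name, text in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name:8} {verdict}")
```

Either positive verdict traces back to an administrator's action, which is the point made in the reply above.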