Re: UID permissions mappings for "privileged ports" feature -- anybody done?

Magnus Ahltorp (magnus@abc.se)
Wed, 6 Nov 1996 23:58:35 +0100 (MET)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Gerard Roudier: "Re: Module loading (2.0.24) fails with "Unable to allocate DMA memory""
Previous message: Alan Cox: "Re: Problems with netscape in 2.0.24"
In reply to: Bradley Ward Allen: "UID permissions mappings for "privileged ports" feature -- anybody done?"

> Anyway, somebody have a patch that already does something like that?
> I'm sure I could hack in a less elegant static solution (like
> "if(portnum=80&&uid==12345) goto ok;" or whatever the code would say).
> Wait ... hmm ... I can't find it in the kernel source. Is this a libc
> thing?

You can do this without kernel hacking, by letting a priviliged program
allocate the port. If you really want to hack kernel, look for suser()
calls in net/ipv4/af_inet.c. You'll see a line where it checks if the port
number is below a value, and at the same time checks that the user is the
superuser. Of course you can hack it to allow users in a special group to
access a port to make it more flexible. Be sure you know what you're doing
first.

/Magnus

magnus@abc.se

Next message: Gerard Roudier: "Re: Module loading (2.0.24) fails with "Unable to allocate DMA memory""
Previous message: Alan Cox: "Re: Problems with netscape in 2.0.24"
In reply to: Bradley Ward Allen: "UID permissions mappings for "privileged ports" feature -- anybody done?"