Re: setting access rights to privileged ports

Stefan Monnier (monnier+lists/linux/kernel/news/@TEQUILA.CS.YALE.EDU)
20 Oct 1998 17:01:13 -0400


>>>>> "Olaf" == Olaf Titz <olaf@bigred.inka.de> writes:
> Most problems with the privileged ports binding result from bad usage
> in user space: mis-designed protocols (the r* stuff) or daemons which
> don't drop their privileges (sendmail); INN shows a better solution.

IIRC, INN uses an `inn_start' wrapper which is run as root, binds to the port,
drops privs and then execs inn itself as user news, passing the created
socket's file descriptor as a parameter.
DNews uses the same trick and I remember someone hacking up a sendmail_start
thingie also.
Problems with it:
- it ends up implementing access rights at the user level. Such rights are
checked in the kernel when it comes to files, so why should it be checked
by setuid (or similar) programs elsewhere?
- if inn (or sendmail, or dnews) decides to close the socket for some reason
it cannot reopen it without going through the xxx_start wrapper. This
required special hacking in sendmail (on top of the slight hacking
needed to be able to pass the socket from the parent process).

So, again, I know perfectly well that you can work around this root-bind problem
in userland, but the sockfs seems to be much much *cleaner*: you can really
say what you want rather than rely on some setuid wrapper (and hoping it will
do the right thing).

Stefan
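
Added example (not part of the original message, and not INN's actual inn_start code): a minimal C sketch of the bind-then-drop wrapper pattern the message describes, showing the ordering that matters when dropping privileges and how the socket reaches the daemon. The port (119, NNTP), the uid/gid values, and the convention that the daemon takes the fd number as its first argument are assumptions for illustration.

```c
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <fcntl.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#define DAEMON_UID 9   /* assumed uid of the unprivileged daemon user */
#define DAEMON_GID 13  /* assumed gid of the unprivileged daemon user */

/* Bind and listen on a TCP port; returns an fd that survives exec, or -1. */
int bind_listener(unsigned short port) {
    struct sockaddr_in sa = {0};
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(fd, 16) != 0 ||
        fcntl(fd, F_SETFD, 0) != 0) {  /* clear FD_CLOEXEC so the daemon inherits it */
        close(fd);
        return -1;
    }
    return fd;
}

/* Irreversibly become uid/gid. Order matters: groups, then gid, then uid. */
int drop_privs(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) != 0) return -1;         /* shed root's supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;      /* root must not be regainable */
    return 0;
}

int main(int argc, char **argv) {
    char fdarg[16];
    if (argc < 2) { fprintf(stderr, "usage: %s /path/to/daemon\n", argv[0]); return 2; }
    int fd = bind_listener(119);                    /* privileged port: needs root */
    if (fd < 0) { perror("bind_listener"); return 1; }
    if (drop_privs(DAEMON_UID, DAEMON_GID) != 0) { perror("drop_privs"); return 1; }
    snprintf(fdarg, sizeof fdarg, "%d", fd);
    execl(argv[1], argv[1], fdarg, (char *)NULL);   /* daemon is told the fd number */
    perror("execl");
    return 1;
}
```

Every return value on the privilege-dropping path is checked because a silently failed setuid() leaves the daemon running as root, which is the "hoping it will do the right thing" risk the message raises about such wrappers.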
