> I've encountered this problem with a patch under the 2.0.36 kernel.
> I have used this patch under 2.0.33-2.0.35 without any problem but
> recently it has been flakey.
> + /* The low and high bytes of the port must be swaped inorder to work */
> + if ( (current->uid >= 1000) && (current->sgid != 103)
> + && ((ntohl(sin->sin_addr.s_addr) & 0xFFFFFF00) != (127 << 24))
> + && (sin->sin_port != htons(43)) /* whois */
> + && (sin->sin_port != htons(53)) /* dns */
> + && (sin->sin_port != htons(70)) /* gofer */
> + && (sin->sin_port != htons(79)) /* finger */
> + && (sin->sin_port != htons(80)) /* http */
> + && (sin->sin_port != htons(113)) /* ident */
> + && (sin->sin_port != htons(443)) /* https */
> + && (sin->sin_port != htons(517)) /* talk */
> + && (sin->sin_port != htons(518)) ) /* ntalk */
> + for (i = 0;i < NGROUPS;i++)
> + {
> + if (current->groups[i] == 103)
> + allow_connect = 1;
[...]
Oo... yuck. No offense intended, in 2.0.x you don't have many
options. You might want to look at 2.2.x -- it have `capabilites'
that you can give to processes. This would allow you to hack login
(or whatever) to give certain processes the ability to bind to ports
< 1024....
-cw
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/