> But for others reasons you can't use these gids, it can be configured via
> sysctl, or doing the simple:
>
> echo "new-gid" > /proc/sys/net/ipv4/socket_port_gid
> echo "new-gid" > /proc/sys/net/ipv4/socket_raw_gid
>
>
> IMHO this can be a permanent feature of kernel, it open a big door for
> more secure distribuitions, please give me some feedback of this idea.
This isn't needed. In kernel 2.2, we already have this functionality via
capabilities. A program which only needs to bind to a low port socket,
simply drops all its privs apart from "bind to low socket". It can do this
as one of its first lines of code.
Chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/