> This a good idea, I can set the initial value as 0 (root gid) and if the
> user needs the special gids they can set via /proc.
No, please don't. Make it so that it doesn't depend on a particular
group. Even if using a 0-group could have other security implication,
I am convinced that we should not add some more semantic until
specifically asked.
So, my request: initially, only root (or capability) can bind() to
ports below 1024. IF root echo group > /proc/some_file, group becomes
authorized.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/