> Ok, I understand your request now, Im working in a new version of the
> patch, soon I put in http://bishop.sekure.org for download.
But I find this to be a great idea. Until now, I have either had to
run servers under root, or through a wrapper, or through a hack which
defeats the preliminary goal of < 1024 ports: redirect those ports to
non-priviledged ones. E.g. my news server runs @ port 5555, so no
need for root, and this is aliased to 119 through ipfwadm. This,
for example, meant that I was not a target for the recent INN 2.x
root security hole.
However, it also means that if the server dies, any user can impersonate
the server and capture authentification information -- bad.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/