Re: Possibility to adjust the only-root-can-bind-to-port-under-1024 limit

From: Mikael Ståldal
Date: Thu Dec 06 2007 - 07:32:37 EST

Next message: Ralf Baechle: "Re: Please revert: PCI: fix IDE legacy mode resources"
Previous message: Stefan Rompf: "Re: sockets affected by IPsec always block (2.6.23)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Casey Schaufler skrev:

How do you protect ports greater than 1024 from any user binding to them?
E.g. port 1080.

Should the OS manage port number allocations? I don't think so
based on the notion of ports being names in an uncontrolled flat
namespace. The whole problem is that people want to make assumptions
about the applications providing services on a particular port, and
no amount of OS control is going to solve that one.

This means that the OS should allow any user to bind to all ports, even those <1024.

/Mikael
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ralf Baechle: "Re: Please revert: PCI: fix IDE legacy mode resources"
Previous message: Stefan Rompf: "Re: sockets affected by IPsec always block (2.6.23)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]