> ipfwadm -I -a accept -r 10025 -p tcp -S 0.0.0.0/0 -D (yourIP)/32 25
> set sendmail to use port 10025 and you are done.
Yes, there are hundreds of ways to circumvent the `you have to be root to open
a privileged port' problem. But this one (for instance) is not convincing
because it doesn't really say what I want: I want to restrict port 25 access
to user mail and no other.
The `sockfs' solution is pretty much exactly what I need and seems to be simple
enough: it generalizes the ad-hoc `(port > 1000 || uid == 0)' test.
You can indeed get the same kind of result in user-land by writing some kind of
setuid port-allocator, but most such `solutions' require hacking the daemon's
code.
So I re-ask the question: what was the incentive for not putting sockfs in the
standard kernel? Bad code? Bloat? Lack of usefulness?
Stefan