Subject: [Package Suggestion] Socker
To: None <pkgsrc-users@NetBSD.org>
From: Christian Biere <christianbiere@gmx.de>
List: pkgsrc-users
Date: 02/24/2006 18:57:42
--uXxzq0nDebZQVNAZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi,
is there any interest in adding Socker[1] to pkgsrc?
Let me cite the webpage:
"Socker is a helper tool and library which allows giving unprivileged
processes access to privileged sockets. It is currently known to work
on FreeBSD, NetBSD and Linux systems. Socker is distributed under a
BSD license."
In other words, it allows you to run _and_ start e.g., a web server
on port 80 - or any other kind of server on a port below 1024 -=20
without root-privileges whilst still limiting access to certain
user accounts without any less efficient and less safe NAT (port
redirection) tricks. Access to raw sockets can be granted as well.
"Socker uses a feature known as file descriptor passing over unix
domain sockets. Socker itself consists of two parts: A helper program
and a library. The helper program must be installed with the
setuid-bit set for user root. When executed, this helper program
socker checks whether the user is allowed to create a socket with the
specified parameters. If permissions are granted, socker creates and
binds a socket using given parameters. The socket is then passed back
to the caller."
Of course, it's not very useful unless programs start using it. For
what it's worth, I'm considering adding the possibility to use
the good old LD_PRELOAD trick, so that existing programs can use it
without the need of modifications - unless they have some built-in
precautions against this.
[1] http://www.ghostwhitecrab.com/socker/
Thanks for your time,
Christian
--uXxzq0nDebZQVNAZ
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (NetBSD)
iD8DBQFD/0kW0KQix3oyIMcRAsGkAKCPx6qXvPSQjS7HWiy8wMcSPrJMuACfXPXz
jPLUByyOuF1Y7PqtN2zoA7E=
=AAIf
-----END PGP SIGNATURE-----
--uXxzq0nDebZQVNAZ--