Subject: Re: allowing unpriv users to bind to priv ports
To: Joe Reed <jnr@po.cwru.edu>
From: Luke Mewburn <lukem@wasabisystems.com>
List: tech-kern
Date: 09/26/2002 10:14:40
On Wed, Sep 25, 2002 at 03:26:51PM -0400, Joe Reed wrote:
  | hi all,
  | 
  | i've been working on a utility to allow unprivileged users to
  | bind to privileged ports on a per user/group basis. the rules
  | are similar to ipf rules and allow for daemons to be run as
  | unprivileged users, but still bind to the proper port (without
  | losing any restriction for any other user), with a specific
  | protocol. these rules only work for ports less than the reserved
  | port. and superuser is always allowed to bind, regardless of rules.

hi joe.

i haven't looked at your diffs yet, but i had considered an idea like
this a while ago, and i think the general concept is useful.

*however*, we now have systrace in the tree, and that allows much more
granular control over what system calls may be called.  I have been
meaning to test the following concept for a while:
    *	define IPNOPRIVPORTS in my kernel
    *	set a systrace policy to allow certain uids or gids to bind to
	a specific port (e.g., "uid=named to tcp/udp port 53")
    *	set a default systrace policy; prevent uid!=0 from binding port < 1024

it would be interesting to hear about people's experiences with this
scenario.

luke.
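The thread describes a rule model for privileged-port binds: root is always allowed, ports at or above the reserved boundary need no rule, and below it a per-uid/gid rule must match the protocol and port. The following is an added, user-space C model of that check written for this page; it is not Joe Reed's patch, not NetBSD kernel code and not a systrace policy. The rule table, the uid 100 standing in for `named`, the gid 200 standing in for a hypothetical `www` group and the `ANY_UID`/`ANY_GID` wildcard convention are all constructed for the illustration.

```c
/* Added example: a user-space model of per-uid/gid privileged-port bind rules
 * as described in the thread. Not kernel code; the table and ids are made up. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

#define IPPORT_RESERVED 1024        /* same boundary the BSD socket code uses */
#define ANY_UID ((uid_t)-1)         /* constructed wildcard: rule ignores uid */
#define ANY_GID ((gid_t)-1)         /* constructed wildcard: rule ignores gid */

enum proto { PROTO_ANY = 0, PROTO_TCP = 6, PROTO_UDP = 17 };

struct bindrule {
    uid_t uid;              /* ANY_UID matches every uid */
    gid_t gid;              /* ANY_GID matches every gid */
    int proto;              /* PROTO_ANY matches every protocol */
    unsigned short port;    /* the privileged port the rule covers */
    bool allow;             /* true = permit, false = explicit deny */
};

/* Hypothetical table modelled on "uid=named to tcp/udp port 53".
 * First matching rule wins; no match below IPPORT_RESERVED means deny. */
static const struct bindrule example_rules[] = {
    { 100,     ANY_GID, PROTO_TCP, 53, true  },   /* "named" (uid 100): tcp/53 */
    { 100,     ANY_GID, PROTO_UDP, 53, true  },   /* "named" (uid 100): udp/53 */
    { ANY_UID, 200,     PROTO_TCP, 80, true  },   /* group "www" (gid 200): tcp/80 */
    { 100,     ANY_GID, PROTO_ANY, 80, false },   /* explicit deny beats nothing */
};

/* Evaluate a bind request against a rule table. Mirrors the three points the
 * thread states: superuser always wins, unreserved ports need no rule, and
 * everything else must match a rule on uid/gid, protocol and port. */
bool bind_allowed(uid_t uid, gid_t gid, int proto, unsigned short port,
                  const struct bindrule *rules, size_t nrules)
{
    if (uid == 0)
        return true;                        /* superuser, regardless of rules */
    if (port >= IPPORT_RESERVED)
        return true;                        /* rules only cover reserved ports */

    for (size_t i = 0; i < nrules; i++) {
        const struct bindrule *r = &rules[i];
        if (r->port != port)
            continue;
        if (r->proto != PROTO_ANY && r->proto != proto)
            continue;
        if (r->uid != ANY_UID && r->uid != uid)
            continue;
        if (r->gid != ANY_GID && r->gid != gid)
            continue;
        return r->allow;                    /* first match decides */
    }
    return false;                           /* default deny below 1024 */
}

/* Convenience wrapper over the constructed table above. */
bool bind_allowed_default(uid_t uid, gid_t gid, int proto, unsigned short port)
{
    return bind_allowed(uid, gid, proto, port, example_rules,
                        sizeof example_rules / sizeof example_rules[0]);
}

int main(void)
{
    struct { uid_t uid; gid_t gid; int proto; unsigned short port; } reqs[] = {
        { 0,    0,    PROTO_TCP, 22 },      /* root: allowed */
        { 100,  100,  PROTO_UDP, 53 },      /* named, udp/53: allowed */
        { 100,  100,  PROTO_TCP, 80 },      /* named, tcp/80: denied */
        { 5000, 200,  PROTO_TCP, 80 },      /* www group, tcp/80: allowed */
        { 5000, 5000, PROTO_TCP, 25 },      /* no rule: denied */
        { 5000, 5000, PROTO_TCP, 8080 },    /* unreserved: allowed */
    };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("uid=%u gid=%u proto=%d port=%u -> %s\n",
               (unsigned)reqs[i].uid, (unsigned)reqs[i].gid, reqs[i].proto,
               reqs[i].port,
               bind_allowed_default(reqs[i].uid, reqs[i].gid, reqs[i].proto,
                                    reqs[i].port) ? "permit" : "deny");
    return 0;
}
```

The table is evaluated first-match-wins, which is the behaviour a reader of ipf-style rules expects; a policy that instead appended a catch-all rule would need that rule placed last, and the systrace approach in the reply expresses the same default-deny as a separate policy rather than as a trailing rule.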