Subject: Re: allowing unpriv users to bind to priv ports
To: None <tech-kern@netbsd.org>
From: Matthew Mondor <mmondor@gobot.ca>
List: tech-kern
Date: 09/26/2002 04:45:47

On Wed, 25 Sep 2002 15:26:51 -0400
Joe Reed <jnr@po.cwru.edu> wrote:

> i've been working on a utility to allow unprivileged users to bind to
> privileged ports on a per user/group basis.  the rules are similar to
> ipf rules and allow for daemons to be run as unprivilaged users, but
> still bind to the proper port (without losing any restriction for any
> other user), with a specific protocol.  these rules only work for ports
> less than the reserved port.  and superuser is always allowed to bind,
> regardless of rules.

I personally like the secure by default, optionally open up idea. I think,
however, that only a single syscall would be enough to manage the rules...

Matt