Assigning the PRIV_NETINET_BINDANY privilege required for setsockopt(IP_BINDANY)

Gerald McNulty gmnt99 at
Wed Jan 11 23:56:00 UTC 2012


Using IP_BINDANY to facilitate transparent proxying works as specified.
According to the ip(4) man page and sys/netinet/ip_output.c, the
PRIV_NETINET_BINDANY privilege is required in order to make a setsockopt()
call with IP_BINDANY.

I would like to use this in an app that does not run as uid 0. Is it
possible to assign the PRIV_NETINET_BINDANY privilege to a specific uid or
process or can this mechanism only be used in jails to reduce root
privileges further?

Thank you

Gerald McNulty
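A probe for the privilege boundary the post describes, added here as an example (not code from the original mail or from FreeBSD itself): it makes the setsockopt(IP_BINDANY) call, classifies the outcome, and then attempts the non-local bind a transparent proxy would perform. Because the kernel checks PRIV_NETINET_BINDANY when the option is set rather than when bind() is called, a proxy can set the option while it still holds the privilege and drop to an unprivileged uid afterwards. The enum, the function names and the TEST-NET-2 address 198.51.100.7 are constructed for the example; the code assumes FreeBSD headers and reports BINDANY_UNSUPPORTED elsewhere.

```c
/* Added example (not from the original post): probes the privilege check
 * behind setsockopt(IP_BINDANY).  FreeBSD only; elsewhere it reports
 * BINDANY_UNSUPPORTED without touching the network. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum bindany_result { BINDANY_OK, BINDANY_EPERM, BINDANY_UNSUPPORTED, BINDANY_OTHER };

/* Human-readable verdict, useful when the proxy logs its startup checks. */
const char *bindany_describe(enum bindany_result r)
{
    switch (r) {
    case BINDANY_OK:          return "IP_BINDANY set; non-local bind accepted";
    case BINDANY_EPERM:       return "EPERM: PRIV_NETINET_BINDANY missing";
    case BINDANY_UNSUPPORTED: return "IP_BINDANY not available on this system";
    default:                  return "other failure (see errno)";
    }
}

/* Bind a TCP socket to a foreign IPv4 address the way a transparent proxy
 * would.  The only privileged step is setsockopt(IP_BINDANY): the kernel
 * checks PRIV_NETINET_BINDANY there and fails with EPERM; a later bind()
 * only looks at the INP_BINDANY flag already recorded on the socket. */
enum bindany_result probe_bindany(const char *foreign_ip, in_port_t port, int *err)
{
#ifndef IP_BINDANY
    (void)foreign_ip; (void)port; *err = ENOPROTOOPT;
    return BINDANY_UNSUPPORTED;
#else
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(port) };
    if (inet_pton(AF_INET, foreign_ip, &sin.sin_addr) != 1) { *err = EINVAL; return BINDANY_OTHER; }
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) { *err = errno; return BINDANY_OTHER; }
    int one = 1, e = 0;
    enum bindany_result r = BINDANY_OK;
    if (setsockopt(fd, IPPROTO_IP, IP_BINDANY, &one, sizeof one) < 0) {
        e = errno; r = (e == EPERM) ? BINDANY_EPERM : BINDANY_OTHER;
    } else if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) {
        e = errno; r = BINDANY_OTHER;
    }
    close(fd);  /* close() may clobber errno, so e was saved first */
    *err = e;
    return r;
#endif
}
```

Run as root or in a jail that grants the privilege and the probe returns BINDANY_OK; as an ordinary uid it returns BINDANY_EPERM from the setsockopt() step before bind() is ever reached.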

