www user than root

Marco Molteni molter at tin.it
Wed Jun 22 16:09:41 GMT 2005


On Wed, 22 Jun 2005 16:14:06 +0100
Bruce M Simpson <bms at spc.org> wrote:

> On Wed, Jun 22, 2005 at 05:01:17PM +0200, Mrad James Deane wrote:
> > Hello, I want to know how the www user with uid:80 can print on a
> > privileged port like 80 rather than the root user. I'm very in trouble; I
> > did not find a solution yet. mac_portacl is one but it is very
> > experimental. Please help. Thanks
> 
> I think you may have meant 'bind' rather than 'print' here?
> 
> Anyway, the way they used to do this back in the day on Linux at least
> was to hack the socket code to allow binds to privileged ports by
> certain users/groups rather than relying solely on the super-user
> check.
> 
> You could do something like this in FreeBSD 5-STABLE by hacking the
> in_pcbbind_setup() function in src/sys/netinet/in_pcb.c to not just
> call suser_cred(), but to instead perform a group check, by calling
> groupmember(some_privileged_socket_group, cred).

I think that the following sysctls do the trick

molter at gattaccio[~]$ sysctl net|grep reserv
net.inet.ip.portrange.reservedhigh: 1023
net.inet.ip.portrange.reservedlow: 0

marco
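
The two approaches in this thread (the reserved-range sysctls and the group check) compared in a userland model; this is an added example, not code from the thread or from FreeBSD. The struct layouts, gid 80 for www, uid 1001 and the lowered `reservedhigh` value of 79 are assumptions. It shows that shrinking the range opens ports 80 to 1023 to every local user, while a group check keeps the exception scoped.

```c
/* Userland model of the reserved-port bind decision; not FreeBSD source. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

struct cred { unsigned uid; unsigned groups[4]; int ngroups; }; /* simplified */
struct policy {
    int reservedlow;    /* net.inet.ip.portrange.reservedlow */
    int reservedhigh;   /* net.inet.ip.portrange.reservedhigh */
    bool use_group;     /* hypothetical: group-check patch applied */
    unsigned bind_gid;  /* hypothetical privileged-socket group */
};

/* Constructed sample credentials and policies (gid 80 for www is assumed). */
static const struct cred WWW = { 80, { 80 }, 1 };
static const struct cred OTHER = { 1001, { 1001 }, 1 };
static const struct policy P_DEFAULT = { 0, 1023, false, 0 };
static const struct policy P_SYSCTL79 = { 0, 79, false, 0 }; /* reservedhigh=79 */
static const struct policy P_GROUP = { 0, 1023, true, 80 };

static bool in_group(const struct cred *c, unsigned gid)
{
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Returns 0 if the bind is allowed, EACCES if it is refused. */
int bind_check(const struct policy *p, const struct cred *c, int port)
{
    if (port == 0)
        return 0;       /* port 0: the stack picks an ephemeral port */
    if (port < p->reservedlow || port > p->reservedhigh)
        return 0;       /* outside the reserved range: no privilege needed */
    if (c->uid == 0)
        return 0;       /* super-user check passes */
    if (p->use_group && in_group(c, p->bind_gid))
        return 0;       /* group-based exception */
    return EACCES;
}

int main(void)
{
    printf("default  www:80=%d\n", bind_check(&P_DEFAULT, &WWW, 80));
    printf("sysctl79 www:80=%d other:443=%d\n",
           bind_check(&P_SYSCTL79, &WWW, 80), bind_check(&P_SYSCTL79, &OTHER, 443));
    printf("group    www:80=%d other:443=%d\n",
           bind_check(&P_GROUP, &WWW, 80), bind_check(&P_GROUP, &OTHER, 443));
    return 0;
}
```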

