Re: Possible to start the process with setuid while allowing it to listen on privileged ports?

From: Maxim Konovalov <maxim_at_maxim.int.ru>
Date: Mon, 11 Oct 2021 16:24:37 UTC

On Mon, 11 Oct 2021, 08:50-0700, Yuri wrote:

> Normal way to do this is for the application to first listen on the port and
> then setuid.
>
> My question is about the situation when the application isn't willing to do
> this.
>
> The project author says that setuid is too difficult in Go and Linux allows
> doing this through systemd:
>
> https://github.com/coredns/coredns/issues/4917#issuecomment-939892548
>
> In FreeBSD, can the process be run as a regular user but still be allowed to
> bind to privileged ports?
>
This could be possible to implement with mac_portacl(4).

-- 
Maxim Konovalov
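
An added example, not part of the original message or of any project mentioned in it: a small sh helper that prints the sysctl.conf lines for the mac_portacl(4) approach suggested above. The function names, uid 1053 and the DNS ports are assumptions chosen for illustration; the sysctl names are those documented in mac_portacl(4).

```shell
#!/bin/sh
# Emit sysctl.conf lines letting one unprivileged uid bind specific low ports
# via mac_portacl(4). Prints only; it changes nothing on the system.
# The module must be loaded first: kldload mac_portacl, or
# mac_portacl_load="YES" in /boot/loader.conf.

# portacl_rules UID PROTO:PORT...  ->  uid:UID:PROTO:PORT[,...]
portacl_rules() {
    uid=$1; shift
    case $uid in ''|*[!0-9]*) echo "bad uid: $uid" >&2; return 1 ;; esac
    [ "$#" -gt 0 ] || { echo "no proto:port given" >&2; return 1; }
    rules=
    for spec in "$@"; do
        proto=${spec%%:*}
        port=${spec#*:}
        case $proto in tcp|udp) ;; *) echo "bad protocol: $spec" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $spec" >&2; return 1 ;; esac
        # mac_portacl only polices ports up to security.mac.portacl.port_high.
        if [ "$port" -lt 1 ] || [ "$port" -gt 1023 ]; then
            echo "port outside 1-1023: $spec" >&2; return 1
        fi
        rules="${rules:+$rules,}uid:$uid:$proto:$port"
    done
    printf '%s\n' "$rules"
}

# portacl_sysctl_conf UID PROTO:PORT...  ->  lines for /etc/sysctl.conf
portacl_sysctl_conf() {
    rules=$(portacl_rules "$@") || return 1
    # reservedlow/reservedhigh=0 turns off the traditional root-only check so
    # that mac_portacl decides; suser_exempt=1 keeps root able to bind, and
    # every other uid needs a matching rule for ports <= port_high.
    cat <<EOF
net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=0
security.mac.portacl.port_high=1023
security.mac.portacl.suser_exempt=1
security.mac.portacl.rules=$rules
EOF
}

# Constructed sample: hypothetical uid 1053 serving DNS on 53/udp and 53/tcp.
portacl_sysctl_conf 1053 udp:53 tcp:53
```

Review the printed lines before adding them to /etc/sysctl.conf: once the reserved range is zeroed, the rule list is the only thing that decides which non-root uids may bind ports up to port_high.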