Date:      Wed, 11 Jan 2012 22:03:56 -0800
From:      Adrian Chadd <adrian@freebsd.org>
To:        Gerald McNulty <gmnt99@gmail.com>
Cc:        freebsd-hackers@freebsd.org, Robert Watson <rwatson@freebsd.org>
Subject:   Re: Assigning the PRIV_NETINET_BINDANY privilege required for setsockopt(IP_BINDANY)
Message-ID:  <CAJ-VmomkBjBEeoYPJktHmofBNA5Db=YBgVzLPRXUyuhXp9-z_g@mail.gmail.com>
In-Reply-To: <CAD%2B_bPxs7fc=n6HYTtNKwUXLu9kC8KL%2Bi8P9XvTQbtddicKMRQ@mail.gmail.com>
References:  <CAD%2B_bPxs7fc=n6HYTtNKwUXLu9kC8KL%2Bi8P9XvTQbtddicKMRQ@mail.gmail.com>

On 11 January 2012 15:26, Gerald McNulty <gmnt99@gmail.com> wrote:
> Hello,
>
> Using IP_BINDANY to facilitate transparent proxying works as specified.
> According to the ip(4) man page and sys/netinet/ip_output.c, the
> PRIV_NETINET_BINDANY privilege is required in order to make a setsockopt()
> call with IP_BINDANY.
>
> I would like to use this in an app that does not run as uid 0. Is it
> possible to assign the PRIV_NETINET_BINDANY privilege to a specific uid or
> process or can this mechanism only be used in jails to reduce root
> privileges further?

I'm not sure if the relevant bits of MAC have been committed. Robert?


Adrian


