Date: Wed, 22 Jun 2005 16:14:06 +0100 From: Bruce M Simpson <bms@spc.org> To: Mrad James Deane <xtremejames183@msn.com> Cc: freebsd-net@freebsd.org Subject: Re: www user than root Message-ID: <20050622151406.GG791@empiric.icir.org> In-Reply-To: <BAY11-F12EF48C9216082BFB35A7B9CEB0@phx.gbl> References: <BAY11-F12EF48C9216082BFB35A7B9CEB0@phx.gbl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 22, 2005 at 05:01:17PM +0200, Mrad James Deane wrote: > hello i want to know how the www user with uid:80 can print on a priviliged > port like 80 rather the root user im very in trouble i did not find a > solution yet mac_portacl is one but it is very experimental please help. > thanks I think you may have meant 'bind' rather than 'print' here? Anyway, the way they used to do this back in the day on Linux at least was to hack the socket code to allow binds to privileged ports by certain users/groups rather than relying solely on the super-user check. You could do something like this in FreeBSD 5-STABLE by hacking the in_pcbbind_setup() function in src/sys/netinet/in_pcb.c to not just call suser_cred(), but to instead perform a group check, by calling groupmember(some_privileged_socket_group, cred). Regards, BMS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050622151406.GG791>