Date:      Wed, 22 Jun 2005 16:14:06 +0100
From:      Bruce M Simpson <bms@spc.org>
To:        Mrad James Deane <xtremejames183@msn.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: www user than root
Message-ID:  <20050622151406.GG791@empiric.icir.org>
In-Reply-To: <BAY11-F12EF48C9216082BFB35A7B9CEB0@phx.gbl>
References:  <BAY11-F12EF48C9216082BFB35A7B9CEB0@phx.gbl>

On Wed, Jun 22, 2005 at 05:01:17PM +0200, Mrad James Deane wrote:
> hello i want to know how the www user with uid:80 can print on a privileged
> port like 80 rather than the root user. I'm very in trouble, I did not find a
> solution yet. mac_portacl is one but it is very experimental, please help.
> thanks

I think you may have meant 'bind' rather than 'print' here?

Anyway, the way they used to do this back in the day on Linux at least was
to hack the socket code to allow binds to privileged ports by certain
users/groups rather than relying solely on the super-user check.

You could do something like this in FreeBSD 5-STABLE by hacking the
in_pcbbind_setup() function in src/sys/netinet/in_pcb.c to not just
call suser_cred(), but to instead perform a group check, by calling
groupmember(some_privileged_socket_group, cred).

Regards,
BMS
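
The policy change described in the message above, modelled in user space as an added example; it is not code from the original message or from the FreeBSD source tree. The struct model_cred type, the model_groupmember() helper and the PRIV_BIND_GID value are hypothetical stand-ins for the kernel's credential structure, groupmember() and the chosen group.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>

#define RESERVED_PORT_MAX 1023   /* ports below 1024 are privileged */
#define PRIV_BIND_GID     8080   /* hypothetical "may bind low ports" group */

/* Simplified stand-in for the kernel credential (assumption, not struct ucred). */
struct model_cred {
    uid_t  uid;          /* effective uid */
    gid_t  groups[16];   /* effective gid first, then supplementary groups */
    size_t ngroups;
};

/* Same idea as the kernel's groupmember(): is gid present in the credential? */
static bool model_groupmember(gid_t gid, const struct model_cred *cred)
{
    for (size_t i = 0; i < cred->ngroups; i++)
        if (cred->groups[i] == gid)
            return true;
    return false;
}

/* Stock policy: only the super-user may bind a reserved port. */
bool may_bind_stock(const struct model_cred *cred, unsigned port)
{
    if (port == 0 || port > RESERVED_PORT_MAX)
        return true;              /* ephemeral or unprivileged port */
    return cred->uid == 0;
}

/* Modified policy: super-user OR a member of the designated group. */
bool may_bind_group(const struct model_cred *cred, unsigned port)
{
    if (may_bind_stock(cred, port))
        return true;
    return model_groupmember(PRIV_BIND_GID, cred);
}
```

The group check in this model is port-agnostic: a member of the group can bind every reserved port, not only 80, so membership should be limited to accounts trusted with all of them.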


