From: Maxim Konovalov
To: Bruce M Simpson
Cc: freebsd-net@freebsd.org, Mrad James Deane
Date: Thu, 23 Jun 2005 17:23:23 +0400 (MSD)
Subject: Re: www user than root
Message-ID: <20050623172219.K19717@mp2.macomnet.net>
In-Reply-To: <20050622151406.GG791@empiric.icir.org>
References: <20050622151406.GG791@empiric.icir.org>

[...]
> You could do something like this in FreeBSD 5-STABLE by hacking the
> in_pcbbind_setup() function in src/sys/netinet/in_pcb.c to not just
> call suser_cred(), but to instead perform a group check, by calling
> groupmember(some_privileged_socket_group, cred).

mac_portacl(4)

-- 
Maxim Konovalov
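
What the mac_portacl(4) pointer amounts to in practice, as an added configuration sketch that is not part of the original message: the policy module grants bind rights on low ports per uid or per gid, which covers the group check proposed in the quoted text without patching the kernel. The uid 80 for the www user and the gid 5000 are assumptions made for illustration.

```conf
# --- /boot/loader.conf ---
# Load the port ACL policy module at boot.
mac_portacl_load="YES"

# --- /etc/sysctl.conf ---
# Disable the stock "ports below 1024 require root" check so that
# mac_portacl alone decides who may bind low ports.
net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=0

# Enforce the ACL on ports up to 1023. A non-root bind to a port in
# this range that matches no rule is refused, so the low ports stay
# protected even though the stock check is off.
security.mac.portacl.enabled=1
security.mac.portacl.port_high=1023

# root remains exempt from the ACL and can still bind any port.
security.mac.portacl.suser_exempt=1

# Rule format: idtype:id:protocol:port, comma-separated.
#   uid:80:tcp:80    -> uid 80 (assumed to be www) may bind TCP port 80
#   gid:5000:tcp:443 -> members of gid 5000 (constructed example group)
#                       may bind TCP port 443
security.mac.portacl.rules=uid:80:tcp:80,gid:5000:tcp:443
```

Keep the rule list as narrow as the service needs: each entry names one id, one protocol and one port, so a compromised www process gains the ability to bind port 80 and nothing else in the reserved range.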