From owner-freebsd-arch Mon Sep 4 5:42:22 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from segfault.kiev.ua (segfault.kiev.ua [193.193.193.4])
	by hub.freebsd.org (Postfix) with ESMTP id 39E0C37B424
	for ; Mon, 4 Sep 2000 05:42:18 -0700 (PDT)
Received: (from netch@localhost)
	by segfault.kiev.ua (8) id PQD87124;
	Mon, 4 Sep 2000 15:41:54 +0300 (EEST)
	(envelope-from netch)
Date: Mon, 4 Sep 2000 15:41:54 +0300
From: Valentin Nechayev
To: Maxime Henrion , freebsd-arch@freebsd.org
Subject: Re: thought about allocation of the first 1024th ports
Message-ID: <20000904154153.D2306@netch.kiev.ua>
Reply-To: netch@segfault.kiev.ua
References: <20000902180027.A13029@cybercable.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20000902180027.A13029@cybercable.fr>; from mux@qualys.com on Sat, Sep 02, 2000 at 03:58:48PM +0000
X-42: On
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Sat, Sep 02, 2000 at 15:58:48, mux wrote about "thought about allocation of the first 1024th ports":

> On most Unix systems and on FreeBSD, the first 1024 ports can't be allocated by a
> non-root process. As far as I know, this is justified because services running on these
[skip]
> What I wonder now is if an application-independent mechanism to permit some ports below
> 1024 to be bound to sockets not owned by root processes would be useful. You assign in a

I have made patches to allow ACLs for port binding, tested for 3.3 and 4.0.
See http://www.lucky.net/~netch/unix/FreeBSD/portacl/

It does not use any POSIX.1e-compatible or -inspired API, but has an
ipfw(8)-like interface. If someone (rwatson?) can say what API style is
"ideologically approved", I can rewrite it.
Also, it does not have English documentation (only Russian) yet.

/netch