Date: Mon, 11 Oct 2021 16:24:37 +0000 (UTC)
From: Maxim Konovalov <maxim@maxim.int.ru>
To: Yuri <yuri@FreeBSD.org>
Cc: Freebsd hackers list <freebsd-hackers@FreeBSD.org>
Subject: Re: Possible to start the process with setuid while allowing it to listen on privileged ports?
Message-ID: <dbfaf2da-4be0-2c64-47e-30c2e2bc33f1@maxim.int.ru>
In-Reply-To: <6e98975c-34e5-246f-5b86-700b5f847815@rawbw.com>
References: <6e98975c-34e5-246f-5b86-700b5f847815@rawbw.com>

On Mon, 11 Oct 2021, 08:50-0700, Yuri wrote:

> Normal way to do this is for the application to first listen on the port and
> then setuid.
>
> My question is about the situation when the application isn't willing to do
> this.
>
> The project author says that setuid is too difficult in Go and Linux allows to
> do this through systemd:
>
> https://github.com/coredns/coredns/issues/4917#issuecomment-939892548
>
> Can in FreeBSD the process be run as a regular user but still be allowed to
> bind to privileged ports?
>

This could be possible to implement with mac_portacl(4).

-- 
Maxim Konovalov
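
The mac_portacl(4) approach named in the reply, worked through as an added example that is not part of the original message: a small script that validates a port list and prints the sysctl settings that would let one unprivileged uid bind low ports. The uid 953 and the DNS ports 53/tcp and 53/udp are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build mac_portacl(4) settings that let one unprivileged
# uid bind specific low ports. The uid and ports below are constructed.

PORT_HIGH=1023   # default value of security.mac.portacl.port_high

# portacl_rule UID PROTO:PORT [PROTO:PORT...]
# Prints a security.mac.portacl.rules value (idtype:id:protocol:port,...).
# Returns 1 unless the uid is numeric, the protocol is tcp or udp, and the
# port is in 1..PORT_HIGH (ports above port_high are not governed by portacl).
portacl_rule() {
    uid=$1; shift
    case $uid in ''|*[!0-9]*) echo "bad uid: $uid" >&2; return 1 ;; esac
    [ $# -gt 0 ] || { echo "no ports given" >&2; return 1; }
    rules=
    for spec in "$@"; do
        proto=${spec%%:*}
        port=${spec#*:}
        case $proto in tcp|udp) ;; *) echo "bad protocol: $spec" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $spec" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt "$PORT_HIGH" ]; then
            echo "port outside 1..$PORT_HIGH: $spec" >&2; return 1
        fi
        rules="${rules:+$rules,}uid:$uid:$proto:$port"
    done
    printf '%s\n' "$rules"
}

# portacl_sysctl_conf UID PROTO:PORT...
# Prints lines for /etc/sysctl.conf. The module itself is loaded with
# mac_portacl_load="YES" in /boot/loader.conf (or kldload mac_portacl).
portacl_sysctl_conf() {
    rule=$(portacl_rule "$@") || return 1
    cat <<EOF
net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=0
security.mac.portacl.port_high=$PORT_HIGH
security.mac.portacl.suser_exempt=1
security.mac.portacl.rules=$rule
EOF
}

portacl_sysctl_conf 953 tcp:53 udp:53
```

Setting the `net.inet.ip.portrange.reserved*` values to 0 turns off the stock root-only check, so the module should be loaded and its rules in place first; from then on mac_portacl decides binds up to `port_high`, and non-root users not named in a rule are still refused.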