On Sun, 12 Oct 1997, Darren Reed wrote:
> You might want to have a look around for implementations already available
> which do this. I'm pretty sure this has been done by a few people already,
> once for Linux and one for FreeBSD. Of course neither solution is what I'd
> call elegant (at this stage) but nor is there anything (that I know of)
> resembling a POSIX standard which defines how it should be done.
Actually there is, POSIX.1e. The particular capability that allows a
process to bind to ports under 1024 is CAP_NET_BIND_SERVICE. You can find
a reference implementation of POSIX capabilities at
http://parc.power.net/morgan/Orange-Linux/linux-privs/
For those not familiar with it, POSIX.1e is an attempt at standardizing
Capabilities (used to be Privileges), Labels, MACs, Auditing, and ACLs.
The work under Linux so far has included working capabilities and some
inroads into auditing. Remy Card also claims to have a working ext2fs with
ACLs but he always seems to fall off the face of the earth.
> Darren
Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
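
An added example, not part of the original message or of the linux-privs code: an audit check that reports whether a process holds CAP_NET_BIND_SERVICE alone or together with other capabilities. It assumes the CapEff hex mask that current Linux kernels expose in /proc/<pid>/status and capability number 10 from <linux/capability.h>; the function and enum names are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* CAP_NET_BIND_SERVICE is capability number 10 in <linux/capability.h>. */
#define BIND_SERVICE_BIT 10
enum bind_audit { BIND_PARSE_ERROR = -1, BIND_NONE, BIND_ONLY, BIND_PLUS_OTHERS };

/* Find "<field>:" at the start of a line and parse the hex mask after it. */
static int parse_cap_field(const char *status, const char *field, uint64_t *mask)
{
    size_t flen = strlen(field);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            const char *val = line + flen + 1;
            while (*val == ' ' || *val == '\t') val++;
            if (!isxdigit((unsigned char)*val)) return -1; /* empty value */
            *mask = strtoull(val, NULL, 16);
            return 0;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

/* Classify the effective set: capability absent, held alone, or held with others. */
static enum bind_audit audit_bind_capability(const char *status)
{
    uint64_t eff, bit = UINT64_C(1) << BIND_SERVICE_BIT;
    if (parse_cap_field(status, "CapEff", &eff) != 0) return BIND_PARSE_ERROR;
    if (!(eff & bit)) return BIND_NONE;
    return eff == bit ? BIND_ONLY : BIND_PLUS_OTHERS;
}

int main(void)
{
    static const char *label[] = { "lacks CAP_NET_BIND_SERVICE",
        "holds only CAP_NET_BIND_SERVICE", "holds CAP_NET_BIND_SERVICE plus others" };
    char buf[8192] = {0};
    FILE *f = fopen("/proc/self/status", "r");
    if (!f || fread(buf, 1, sizeof buf - 1, f) == 0) { perror("/proc/self/status"); return 1; }
    fclose(f);
    enum bind_audit r = audit_bind_capability(buf);
    puts(r == BIND_PARSE_ERROR ? "CapEff not found" : label[r]);
    return 0;
}
```

A daemon that only needs to listen on a low port should come back as BIND_ONLY; BIND_PLUS_OTHERS on such a process means it still carries more privilege than the bind requires.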