Vulnerability Development mailing list archives

Re: Ports 0-1023?


From: Bruno Morisson <morisson () genhex org>
Date: Sun, 7 Jul 2002 20:18:13 +0000

On Saturday 06 July 2002 14:07, Kevin Easton wrote:
(snip)
#define cap_raised(c, flag)  (cap_t(c) & CAP_TO_MASK(flag))

i.e., the cap_effective mask of the current task structure is checked against
the requested capability.  The capability checking code is all good to go -
it only requires a creative way of selectively setting cap_effective to
work. I think rather than a proliferation of filesystem "setcap" bits for
executables, it's likely that a program would remain setuid root, but drop
all unneeded capabilities as its first task when run (i.e., ping would drop
all capabilities except CAP_NET_RAW).

      - Kevin.

I looked exactly into that some time ago. I coded an LKM that uses 
capabilities, but with a few more checks, so one can do something like what 
we've been discussing in this thread, that is, allowing "normal" users to 
bind to a specific port < 1024. Since the linux capabilities implementation 
only allows binding to *any* port < 1024, I had to make a few more checks, 
namely checking the port requested to bind to, and only raising 
CAP_NET_BIND_SERVICE if the port matches a defined ACL, otherwise it is 
denied.
I won't go into much more detail here, so if anyone is interested I've put up 
the code on http://genhex.org/gksm.tgz. Read the "README" file included for 
more insight. Keep in mind that this is just example code, it lacks a lot of 
things (and it may even break your kernel), it was just coded to test if it 
could be done.
I'm rewriting all of it, and putting a few more features in, and will release 
that code in the future.

regards,
Bruno Morisson <morisson () genhex org>

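The two mechanisms discussed in the thread, the kernel's bitmask check that Kevin quotes (`cap_raised`) and the per-port ACL gating that Bruno describes for CAP_NET_BIND_SERVICE, modelled in user space as an added example. This is not code from the gksm module or from either poster: it reuses the Linux capability numbers (CAP_NET_BIND_SERVICE = 10, CAP_NET_RAW = 13) and the 32-bit capability word of 2.4-era kernels, while the ACL entry layout, the sample ACL and all function names are assumptions made for illustration.

```c
/* Added example, not the gksm module: user-space model of the kernel's
 * capability check, an ACL-gated variant of it, and the "drop everything but
 * one capability" step Kevin proposes for ping. Function names, the ACL
 * format and the sample ACL are assumptions made for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

typedef uint32_t kernel_cap_t;             /* 2.4 kernels: one 32-bit word   */
#define CAP_NET_BIND_SERVICE 10            /* real Linux capability numbers  */
#define CAP_NET_RAW          13
#define CAP_TO_MASK(x)       (1u << (x))
/* The check from the quoted kernel code: is bit `flag` set in mask `c`? */
#define cap_raised(c, flag)  (((kernel_cap_t)(c)) & CAP_TO_MASK(flag))
#define PROT_SOCK            1024          /* ports below this are privileged */

/* Hypothetical ACL entry: this uid may bind this one privileged port. */
struct bind_acl_entry { uid_t uid; uint16_t port; };

/* Constructed sample ACL: uid 1000 may take port 80, uid 1001 port 443. */
const struct bind_acl_entry sample_acl[] = { {1000, 80}, {1001, 443} };
const size_t sample_acl_len = sizeof sample_acl / sizeof sample_acl[0];

/* Stock semantics: a privileged port needs CAP_NET_BIND_SERVICE, and any
 * holder of that capability may bind ANY port below 1024. */
bool stock_bind_allowed(kernel_cap_t cap_effective, uint16_t port) {
    if (port >= PROT_SOCK)
        return true;
    return cap_raised(cap_effective, CAP_NET_BIND_SERVICE) != 0;
}

/* ACL gating as described: raise CAP_NET_BIND_SERVICE in the effective set
 * for this bind only when (uid, port) matches an ACL entry; otherwise leave
 * the set untouched and the stock check denies the bind. */
kernel_cap_t acl_effective_caps(kernel_cap_t cap_effective, uid_t uid,
                                uint16_t port,
                                const struct bind_acl_entry *acl, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (acl[i].uid == uid && acl[i].port == port)
            return cap_effective | CAP_TO_MASK(CAP_NET_BIND_SERVICE);
    return cap_effective;
}

/* The full gated decision: stock check over the ACL-adjusted set. A process
 * that genuinely holds the capability still passes for every low port. */
bool acl_bind_allowed(kernel_cap_t cap_effective, uid_t uid, uint16_t port,
                      const struct bind_acl_entry *acl, size_t n) {
    kernel_cap_t eff = acl_effective_caps(cap_effective, uid, port, acl, n);
    return stock_bind_allowed(eff, port);
}

/* Kevin's suggestion for a setuid-root ping: keep exactly one capability. */
kernel_cap_t drop_all_but(kernel_cap_t cap_effective, unsigned keep) {
    return cap_effective & CAP_TO_MASK(keep);
}

int main(void) {
    kernel_cap_t none = 0, root_caps = ~0u;
    printf("uid 1000 -> :80  (no caps, ACL match):    %s\n",
           acl_bind_allowed(none, 1000, 80, sample_acl, sample_acl_len)
               ? "allowed" : "denied");
    printf("uid 1000 -> :443 (no caps, no ACL match): %s\n",
           acl_bind_allowed(none, 1000, 443, sample_acl, sample_acl_len)
               ? "allowed" : "denied");
    kernel_cap_t ping = drop_all_but(root_caps, CAP_NET_RAW);
    printf("ping after drop: NET_RAW=%d NET_BIND_SERVICE=%d\n",
           cap_raised(ping, CAP_NET_RAW) != 0,
           cap_raised(ping, CAP_NET_BIND_SERVICE) != 0);
    return 0;
}
```

The point the model makes explicit is that the ACL does not replace the capability check; it decides, per (uid, port), whether the capability is raised at the moment the bind is evaluated, so a holder of the real capability keeps stock behaviour and an unprivileged user gets exactly the listed port and nothing else. Under a real kernel the decision must of course be taken inside the bind path, as the module does; a user-space table like this one cannot enforce anything.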