non-root low port binding possible?

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

non-root low port binding possible?

Postby lokey » Sat Oct 23, 2004 2:49 pm

Hi, I was wondering if it were possible to use gradm or grsec to allow non-root users (or possibly a special group) run applications that can bind to ports less than 1024?

I know that it is possible to deny sockets to certain groups, but is it possible to to the reverse and allow any sockets to a certain group?

Thanks!

-Jay
lokey
 
Posts: 1
Joined: Sat Oct 23, 2004 2:42 pm

Postby cmouse » Thu Oct 28, 2004 5:43 pm

Not really. it's not grsecurity only that denies non-root from binding to <1024 ports. The best method for this is to write an application that binds to the port(s) and then does setuid/setgid calls to change itself to non-root.
cmouse
 
Posts: 98
Joined: Tue Dec 17, 2002 10:58 am


Return to grsecurity support

cron