Re: Is this mail list dead?



Nono, you got the question wrong!  What I meant was, why should an
arbitrary user process need to bind to ports under 1024?  I can
understand processes providing WKS's needing to bind to
53/110/25/whatever, but why should a user-written daemon ever need to
do that?  If I write the next Gnutella or IRCd, I'll make sure that it
runs on port > 1024, wouldn't I?

Apart from that, I figured that the Linux CAP system seems at the
moment to only provide system-level capabilities, not at process level
as I first understood it to... I'd be glad to be told I'm wrong :)

Regards,

-- Raju

>>>>> "Tracy" == Tracy R Reed <treed@ultraviolet.org> writes:

    Tracy> On Tue, Mar 13, 2001 at 11:39:18AM +0530, Raju Mathur
    Tracy> wrote:
    >> Why would any non-system process /need/ to bind to a port below
    >> 1024?  Or has this question already been answered?

    Tracy> Just because it is a system process doesn't mean it has to
    Tracy> run as root.  That's why.

    >> Isn't this what should be used to grant capabilities to
    >> processes which need to run mainly with user privileges except
    >> for a few system-level access requirements?  Sendmail comes to
    >> mind :-)

    Tracy> Yes.

    Tracy> -- Tracy Reed http://www.ultraviolet.org - Securedistros: A
    Tracy> common list for all secured Linux distributions Archive:
    Tracy> http://humbolt.nl.linux.org/lists/

-- 
Raju Mathur          raju@kandalaya.org           http://kandalaya.org/
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/
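
Added example, not part of the original message: Linux records the permitted and effective capability sets of each process in /proc/<pid>/status, and CAP_NET_BIND_SERVICE (bit 10) is the capability checked when binding to a port below 1024. The Python code below decodes those masks for three constructed status excerpts and reports which processes could bind a low port and with how much extra privilege; the process names, UIDs and mask values are made up for illustration.

```python
import re

CAP_NET_BIND_SERVICE = 10  # bit number from <linux/capability.h>

def parse_status(text):
    """Extract name, effective UID and capability masks from /proc/<pid>/status text."""
    fields = dict(re.findall(r"^(\w+):[ \t]*(.*)$", text, re.M))
    return {
        "name": fields["Name"],
        "euid": int(fields["Uid"].split()[1]),  # order: real, effective, saved, fs
        "permitted": int(fields["CapPrm"], 16),
        "effective": int(fields["CapEff"], 16),
    }

def can_bind_low_port(proc):
    """True if the effective set contains CAP_NET_BIND_SERVICE."""
    return bool((proc["effective"] >> CAP_NET_BIND_SERVICE) & 1)

def classify(proc):
    """Describe how much privilege a process carries relative to port binding."""
    if not can_bind_low_port(proc):
        return "cannot bind < 1024"
    extra = proc["effective"] & ~(1 << CAP_NET_BIND_SERVICE)
    if proc["euid"] != 0 and extra == 0:
        return "least privilege: non-root, CAP_NET_BIND_SERVICE only"
    return "over-privileged for port binding: euid=%d, %d other capabilities" % (
        proc["euid"], bin(extra).count("1"))

# Constructed sample excerpts (not captured from a real system).
ROOT_DAEMON = ("Name:\tnamed\nUid:\t0\t0\t0\t0\n"
               "CapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n")
NONROOT_DAEMON = ("Name:\tmaild\nUid:\t33\t33\t33\t33\n"
                  "CapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n")
USER_PROC = ("Name:\tircd\nUid:\t1000\t1000\t1000\t1000\n"
             "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n")

def audit(samples):
    """Map each process name to its classification."""
    procs = [parse_status(s) for s in samples]
    return {p["name"]: classify(p) for p in procs}

if __name__ == "__main__":
    for name, verdict in audit([ROOT_DAEMON, NONROOT_DAEMON, USER_PROC]).items():
        print("%-8s %s" % (name, verdict))
```

The same functions can be pointed at the text of a live /proc/<pid>/status file to check which daemons on a host still run as full root only to hold a low port.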