| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4742B3A3.2050103@univits.com> Date: Tue, 20 Nov 2007 11:14:59 +0100 From: Mikael Ståldal <mikael.staldal-ingen-reklam@...vits.com> To: linux-kernel@...r.kernel.org Subject: Possibility to adjust the only-root-can-bind-to-port-under-1024 limit In Linux you have to be root in order to listen to TCP or UDP ports below 1024 (the well-known ports). As far as I know, this limit is hardcoded in the kernel. In some cases, this limit do more harm than good, so it would be nice to be able to adjust it. FreeBSD have a pair of sysctl parameters allowing you to adjust (or effectively remove) this limit, net.inet.ip.portrange.reservedlow and net.inet.ip.portrange.reservedhigh. It would be nice if something similar to net.inet.ip.portrange.reservedhigh was implemented in Linux (with default value 1023). I have no patch for this, since I have never done any kernel hacking before. But it seems like it should be easy to implement by replacing the PROT_SOCK constant with net.inet.ip.portrange.reservedhigh + 1. (See my blog post for a more elaborate discussion about this: http://www.staldal.nu/tech/2007/10/31/why-can-only-root-listen-to-ports-below-1024/) /Mikael - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists