lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20071120202306.65e6036c@astralstorm.puszkin.org>
Date:	Tue, 20 Nov 2007 20:23:06 +0100
From:	Radoslaw Szkodzinski (AstralStorm) <lkml@...ralstorm.puszkin.org>
To:	Mikael Ståldal <mikael.staldal@...vits.com>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: Possibility to adjust the only-root-can-bind-to-port-under-1024
 limit

On Tue, 20 Nov 2007 17:09:35 +0100
Mikael Ståldal <mikael.staldal@...vits.com> wrote:

> Hello.
> 
> > The proper way to enable port <= 1024 binding support is adding CAP_NET_BIND_SERVICE 
>  > to the process capability set, e.g. by using file-system capabilities.
> 
> Is file-system capabilites part of the stable official Linux kernel? From which version?
> How do I use it?
> 

They were recently added in 2.6.24-rc1.
(mostly commit b53767719b6cd8789392ea3e7e2eb7b8906898f0)
The patch should be easy to backport, I've seen it in various
distro kernels.

According to the commit, documentation is at
http://www.friedhoff.org/fscaps.html

Some programs already have capability support - they
drop all permissions they don't need.

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ