Comment attached to the article Running network services as a non-root user.:
#3 Re: Running network services as a non-root user.
Posted by simonw (84.45.xx.xx) on Wed 19 Apr 2006 at 21:36

Steve, perhaps you can answer a question I've long had: "why don't we fix the kernel for this?"

I've read the relevant code; it basically says "if port less than 1024 then check calling process uid is 0", and it would appear simple to me to change the check such that the calling process has the same uid as a user defined in "/etc/service_owner":

21:vsftp
25:mail-listener
80:www-data

Then there would be no need for a root privilege to bind to ports below 1024, and great swathes of weird solutions, and whole classes of root exploit, would "just die".

This always struck me as application programmers working around a broken design, but maybe I'm being naive?
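As an added illustration, not part of simonw's comment and not code from the Debian article or from any kernel: a user-space model of the check the comment proposes. It parses a constructed table in the sketched `port:user` format (the file name `/etc/service_owner` and the three sample entries come from the comment; the `sample_resolve` name-to-uid map, the uids it returns, and the choice to keep uid 0 allowed alongside the listed owner are assumptions made here for the example). `may_bind()` answers "may this uid bind this port?" the way the proposed kernel check would.

```c
/* Added example: user-space model of the per-port owner check proposed in
 * the comment above. Not kernel code and not from the original article.
 * Format assumed for /etc/service_owner: one "port:username" per line,
 * '#' starts a comment line. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#include <sys/types.h>

#define PRIVILEGED_PORT_LIMIT 1024   /* the "less than 1024" rule from the comment */

/* Constructed sample table, in the format the comment sketches. */
static const char SAMPLE_SERVICE_OWNER[] =
    "# port:owner\n"
    "21:vsftp\n"
    "25:mail-listener\n"
    "80:www-data\n";

/* Find the owner name for `port` in `table`. Returns 1 and copies the name
 * into `out` (NUL-terminated, truncated to outlen-1) on success, 0 if absent. */
int service_owner_lookup(const char *table, int port, char *out, size_t outlen)
{
    const char *p = table;
    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        char line[128];
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';

        char *colon = strchr(line, ':');
        if (colon && line[0] != '#') {
            *colon = '\0';
            char *end;
            long lp = strtol(line, &end, 10);
            if (*end == '\0' && lp == port) {
                snprintf(out, outlen, "%s", colon + 1);
                return 1;
            }
        }
        if (!eol) break;
        p = eol + 1;
    }
    return 0;
}

/* The proposed rule, modelled with one assumption: uid 0 stays allowed.
 *   - ports >= 1024: anyone may bind (unchanged from today);
 *   - ports <  1024: uid 0, or the uid of the user named for that port.
 * `resolve` maps a user name to a uid; getpwnam_resolve is the real thing,
 * sample_resolve is a constructed stand-in so the example runs offline. */
int may_bind(const char *table, int port, uid_t uid, uid_t (*resolve)(const char *))
{
    if (port >= PRIVILEGED_PORT_LIMIT) return 1;
    if (uid == 0) return 1;                      /* assumption: root keeps the old right */
    char owner[64];
    if (!service_owner_lookup(table, port, owner, sizeof owner)) return 0;
    uid_t owner_uid = resolve(owner);
    return owner_uid != (uid_t)-1 && owner_uid == uid;
}

/* Real resolver: consult the passwd database. */
uid_t getpwnam_resolve(const char *name)
{
    struct passwd *pw = getpwnam(name);
    return pw ? pw->pw_uid : (uid_t)-1;
}

/* Constructed resolver for the sample table: uids are made up for the example. */
uid_t sample_resolve(const char *name)
{
    if (strcmp(name, "vsftp") == 0)         return 1001;
    if (strcmp(name, "mail-listener") == 0) return 1002;
    if (strcmp(name, "www-data") == 0)      return 33;
    return (uid_t)-1;
}

int main(void)
{
    printf("www-data (33) -> port 80:   %s\n",
           may_bind(SAMPLE_SERVICE_OWNER, 80, 33, sample_resolve) ? "allowed" : "denied");
    printf("vsftp (1001)  -> port 80:   %s\n",
           may_bind(SAMPLE_SERVICE_OWNER, 80, 1001, sample_resolve) ? "allowed" : "denied");
    printf("vsftp (1001)  -> port 22:   %s\n",
           may_bind(SAMPLE_SERVICE_OWNER, 22, 1001, sample_resolve) ? "allowed" : "denied");
    printf("vsftp (1001)  -> port 8080: %s\n",
           may_bind(SAMPLE_SERVICE_OWNER, 8080, 1001, sample_resolve) ? "allowed" : "denied");
    return 0;
}
```

Two caveats a practitioner would want alongside the model. The Linux check is not literally "uid is 0": it is a capability test, `CAP_NET_BIND_SERVICE`, which is what lets `setcap cap_net_bind_service=+ep` on a binary, or Debian's `authbind` (which grants per-port permission from files under `/etc/authbind/`), do much of what the comment asks for without a kernel change. And a per-port owner table shifts, rather than removes, the trust question: whoever can write the table, or run as the named uid, gets the port, so the table needs the same protection as the privilege it replaces.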