On Tue, May 01, 2001 at 05:48:54AM -0400, Andres Salomon wrote:
> Perhaps I'm misunderstanding your proposition, but how is this different
> than, say, having inetd listen on ports below 1024, and then
> forking/changing to a different user once a connection is made to the port?
>

To use inetd, a new process is spawned for each connection, and the daemon
has to be written to use identd. With his, it's just like opening on a port
above 1024. Although my personal opinion is that it should be controlled via
user/group, not binary. e.g., your webserver user can open port 80.

> On Sun, Apr 29, 2001 at 07:19:06AM -0400, Sunny Dubey wrote:
> <snip>
> >
> > It would be like having a file called /etc/acl.ports (or something) and
> > within the file, would be a list which binaries are allowed to bind to what
> > ports. (an example is provided below)
> >
> > # /etc/acl.ports
> > # Port Numbers binary
> > 80 /usr/local/apache/bin/httpd
> > 22 /usr/local/openssh/sshd
> > 21 /usr/local/anonftpd/ftpd

-- 
Adam Olsen, aka Rhamphoryncus
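A parser and policy check for the /etc/acl.ports format sketched in the quoted proposal, written as an added example (not code from the thread or from any kernel implementation). It assumes the two-column "port binary" layout with `#` comments, that a port may be listed on more than one line, and a deny-by-default decision for privileged ports; the sample file below is constructed from the entries quoted above.

```python
import os
from typing import Dict, Set

# Constructed sample in the layout proposed in the thread.
SAMPLE_ACL = """\
# /etc/acl.ports
# Port Numbers binary
80 /usr/local/apache/bin/httpd
22 /usr/local/openssh/sshd
21 /usr/local/anonftpd/ftpd
"""

PRIVILEGED_MAX = 1023  # ports 1-1023 are the ones the ACL would govern


def parse_acl(text: str) -> Dict[int, Set[str]]:
    """Map each privileged port to the set of binaries allowed to bind it.

    Comment and blank lines are skipped. Malformed lines, non-numeric
    ports, ports outside 1-1023 and non-normalised or relative paths are
    rejected outright: a lenient parser here would widen the policy silently.
    """
    acl: Dict[int, Set[str]] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'port binary'")
        port_s, binary = fields
        if not port_s.isdigit() or not 1 <= int(port_s) <= PRIVILEGED_MAX:
            raise ValueError(f"line {lineno}: bad privileged port {port_s!r}")
        if not binary.startswith("/") or binary != os.path.normpath(binary):
            raise ValueError(f"line {lineno}: binary must be an absolute, normalised path")
        acl.setdefault(int(port_s), set()).add(binary)
    return acl


def is_valid_acl(text: str) -> bool:
    """True if the whole file parses; one bad line rejects the file."""
    try:
        parse_acl(text)
        return True
    except ValueError:
        return False


def may_bind(acl: Dict[int, Set[str]], binary: str, port: int) -> bool:
    """Policy decision: unprivileged ports are always allowed; privileged
    ports only when (port, binary) is listed. The caller's path is
    normalised so "/usr/local/../local/x" matches the listed "/usr/local/x"."""
    if port > PRIVILEGED_MAX:
        return True
    return os.path.normpath(binary) in acl.get(port, set())
```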