Russell Coker wrote:
> On Wednesday 06 June 2007 20:05, Shachar Shemesh <[EMAIL PROTECTED]> wrote:
>
>>> What benefits does this offer over authbind which has been in Debian for
>>> ages?
>>>

Before I begin answering your questions, the bug report has a link to a technical explanation of how privbind is implemented. Have you read it?

>> It uses a (I think) much more secure mode of operation. In particular:
>> - No SUID executables
>> - User who launches the daemon must be root
>>
>
> Having a daemon instead of a SUID executable does not inherently make it more
> secure (there has been no shortage of exploits for bugs in daemons in the
> past).
>

s/daemon/program that needs low port binding/

privbind does not allow regular users to bind to low ports. Privbind allows root to run programs that bind to low ports as non-root.

> The usual system is that a process with UID != 0 can not bind to ports below
> 1024. Breaking this involves increasing the privileges of some programs.
>

Please read the privbind man page. It does not do what you think it does.

>
>> And, as a result:
>> - No global configuration necessary (though one will probably be added
>> later if necessary).
>>
>
> How can there be no global configuration needed?

Please read the privbind man page. It does not do what you think it does.

> The sysadmin needs to decide
> which users are granted the privilege to bind to low ports and which ports
> those users may bind to.
>

Please read the privbind man page. It does not do what you think it does.

Shachar