In article <[EMAIL PROTECTED]> (at Fri, 22 Sep 2006 02:31:59 -0500), William
Pitcock <[EMAIL PROTECTED]> says:
> This patch allows for a user to disable the requirement to meet the
> CAP_NET_BIND_SERVICE capability for a non-superuser. It is toggled by
> the net.ipv4.allow_lowport_bind_nonsuperuser sysctl value.
Why? I don't think this is a good idea.
> diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
> index e4b1a4d..c3f7c3c 100644
> --- a/include/linux/sysctl.h
> +++ b/include/linux/sysctl.h
> @@ -411,6 +411,7 @@ enum
> NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS=115,
> NET_TCP_DMA_COPYBREAK=116,
> NET_TCP_SLOW_START_AFTER_IDLE=117,
> + NET_IPV4_ALLOW_LOWPORT_BIND_NONSUPERUSER=118,
> };
>
> enum {
This implies all IPv4 protocols including other protocols
such as UDP, SCTP, ...
> @@ -1412,3 +1418,4 @@ EXPORT_SYMBOL(inet_stream_ops);
> EXPORT_SYMBOL(inet_unregister_protosw);
> EXPORT_SYMBOL(net_statistics);
> EXPORT_SYMBOL(sysctl_ip_nonlocal_bind);
> +EXPORT_SYMBOL(sysctl_ip_allow_lowport_bind_nonsuperuser);
Please be aware about indent.
--yoshfuji
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
