Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uwm.edu!cs.utexas.edu!swrinde!mips!apple!bbn.com!djw
From: djw@bbn.com (David Waitzman)
Newsgroups: comp.unix.internals
Subject: Re: SunOS and shared libraries, security aspects
Message-ID: <59263@bbn.BBN.COM>
Date: 3 Sep 90 21:22:28 GMT
Sender: news@bbn.com
Distribution: usa
Lines: 24

guy@auspex.auspex.com (Guy Harris) writes:

}	1) "rsh" and "rlogin" use super-user privileges to get "privileged"
}	   ports, not to change your uid; "rshd" and "rlogind"...

I occasionally write and distribute programs that need to use raw IP
sockets, roughly the same thing, protection-wise, as a program using
"privileged" ports.  I dislike needing to run the programs set-uid root
(or by root) just to do this one special privileged thing.

How do you all feel about the practice of using a special group that
allows one to access privileged ports or raw IP sockets?  The programs
can then just be run setgid to that group.  The kernel socket opening
code would then allow the opening of privileged or raw sockets to
either user==root or groups includes "priv_socket_group".

Would vendors support this?  We don't have access to Sun kernel source
code anymore here.

I understand that some people may have objections to the piece-meal
addition of finer-granularity access rights to Unix.

thanks,
-david