From Andrew Gierth (andrew@erlenstar.demon.co.uk): The restriction on access to ports < 1024 is part of a (fairly weak) security scheme particular to UNIX. The intention is that servers (for example rlogind, rshd) can check the port number of the client, and if it is < 1024, assume the request has been properly authorised at the client end. The practical upshot of this, is that binding a port number < 1024 is reserved to processes having an effective UID == root. This can, occasionally, itself present a security problem, e.g. when a server process needs to bind a well-known port, but does not itself need root access (news servers, for example). This is often solved by creating a small program which simply binds the socket, then restores the real userid and exec()s the real server. This program can then be made setuid root.
|
UNIXguide.net
English to Visayan Cebuano Dictionary |
Suggest a Site
Visayan Cebuano to English Dictionary |