How can I bind() to a port number < 1024?

  From Andrew Gierth (andrew@erlenstar.demon.co.uk):

  The restriction on access to ports < 1024 is part of a (fairly weak)
  security scheme particular to UNIX. The intention is that servers (for
  example rlogind, rshd) can check the port number of the client, and if
  it is < 1024, assume the request has been properly authorised at the
  client end.

  The practical upshot of this, is that binding a port number < 1024 is
  reserved to processes having an effective UID == root.

  This can, occasionally, itself present a security problem, e.g. when a
  server process needs to bind a well-known port, but does not itself
  need root access (news servers, for example). This is often solved by
  creating a small program which simply binds the socket, then restores
  the real userid and exec()s the real server. This program can then be
  made setuid root.



UNIXguide.net
Suggest a Site