Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: permission to bind a socket to port 843?
Top Forums UNIX for Dummies Questions & Answers permission to bind a socket to port 843? Post 302313448 by sneakyimp on Tuesday 5th of May 2009 04:49:38 PM
Old 05-05-2009
permission to bind a socket to port 843?
I have written a flash socket security file server in PHP. The basic idea is that when Flash Player connects via socket to a server, the first thing it does is connect to port 843 and send a request for a 'socket policy file' by sending the string <policy-file-request/>.

The problem I have is that in order to launch this daemon script, I apparently need root level access in order to bind a socket to any port under 1024.

Can anyone recommend some way to let this php script bind to port 843 without needing root-level access? That seems like a big security risk to me -- especially if I want to launch this daemon using a php page hosted by apache. giving apache root-level access sounds like a VERY BAD idea.
 

10 More Discussions You Might Find Interesting

1. Programming

socket on serial port

Does anyone know if it's possible to send socket by a serial port ? If yes, how can I find on Irix the value of my serial ports to use with this function : serverSockAddr.sin_port = ? Thanks for all responses ! Kintoo (2 Replies)
Discussion started by: kintoo
2 Replies

2. Solaris

How to allow nonroot user to bind to port 80

We are making some changes, and are now using Weblogic as the webserver on one of my projects. I would like for the non root user running Weblogic to be able to bind to port 80. (10 Replies)
Discussion started by: 98_1LE
10 Replies

3. UNIX for Dummies Questions & Answers

Socket programming:One server two port

I want my server socket to listen on two ports in my machine. How do i achieve it? I will have two clients one connecting to 1 port and another to a different port. So my server needs to listen to both. Thanks. (1 Reply)
Discussion started by: abc.working
1 Replies

4. Programming

Cloning a socket connection, using other port numbers

Hello everybody, I've coded a multi-client server based on internet sockets using the scheme listen on port X-accept-fork, exactly like beej's guide At some point I would like to establish a secondary connection between a client and the server-child serving him. I was considering the... (4 Replies)
Discussion started by: jonas.gabriel
4 Replies

5. UNIX for Dummies Questions & Answers

Socket bind fails

Hi, 1 more new comer with a small problem. I have a Java socket program which tries to bind to a particular socket. It works fine with windows. But in Linux, it says 'address in use'. I tried 'netstat' to find if the port is being used. But it is free. Can anyone help plz? (0 Replies)
Discussion started by: ronyantony
0 Replies

6. Shell Programming and Scripting

Python: Bind to port 80 as root, then drop privileges?

I have written a small web server in Python, and now I would like to run it on port 80, but in order to be able to bind to a port below 1024 I need to have root privileges. I don't want to run the server as root, though. How can I bind to port 80 as root and then drop root privileges? Thankful... (0 Replies)
Discussion started by: Ilja
0 Replies

7. Programming

GetLastError API for socket/bind failure in VxWorks 5.4

Can anyone tell what is the system API for VxWorks which is used to find GetLastError() for socket/bind failure. I need to use it in some VxWorks application and need to call GetLastError but I'm not sure about the correct API. Thanks in advance (1 Reply)
Discussion started by: anilgurwara
1 Replies

8. Programming

Using socket to test a TCP port

Hello, I'm trying to write a small c application to test a tcp port. This works fine for the most part but the default timeout on the connect is very long. I have been reading many posts but and it looks like I need to set the socket to be non-blocking and poll for a result. I have been totally... (2 Replies)
Discussion started by: tjones1105
2 Replies

9. Shell Programming and Scripting

Script to bind to socket

i need to come up with a script that when run from the command line, it will bind to a socket, and listen for tcp connections on a certain port. something like: ### ./connection_listener 5666 i found the following script on the web but when i run it, it complains about "accept" not being... (1 Reply)
Discussion started by: SkySmart
1 Replies

10. IP Networking

Get process id and port from the socket

Hello, Please help me in getting the process id and the port number from the socket netstat -Aan|grep -i closed f100050010b133b8 tcp 0 0 *.* *.* CLOSED f1000500119b53b8 tcp4 0 0 *.* *.* ... (3 Replies)
Discussion started by: Vishal_dba
3 Replies

LEARN ABOUT DEBIAN

mac_portacl

MAC_PORTACL(4)						   BSD Kernel Interfaces Manual 					    MAC_PORTACL(4)

NAME

     mac_portacl -- network port access control policy

SYNOPSIS

     To compile the port access control policy into your kernel, place the following lines in your kernel configuration file:

	   options MAC
	   options MAC_PORTACL

     Alternately, to load the port access control policy module at boot time, place the following line in your kernel configuration file:

	   options MAC

     and in loader.conf(5):

	   mac_portacl_load="YES"

DESCRIPTION

     The mac_portacl policy allows administrators to administratively limit binding to local UDP and TCP ports via the sysctl(8) interface.

     In order to enable the mac_portacl policy, MAC policy must be enforced on sockets (see mac(4)), and the port(s) protected by mac_portacl must
     not be included in the range specified by the net.inet.ip.portrange.reservedlow and net.inet.ip.portrange.reservedhigh sysctl(8) MIBs.

     The mac_portacl policy only affects ports explicitly bound by a user process (either for a listen/outgoing TCP socket, or a send/receive UDP
     socket).  This policy will not limit ports bound implicitly for outgoing connections where the process has not explicitly selected a port:
     these are automatically selected by the IP stack.

     When mac_portacl is enabled, it will control binding access to ports up to the port number set in the security.mac.portacl.port_high
     sysctl(8) variable.  By default, all attempts to bind to mac_portacl controlled ports will fail if not explicitly allowed by the port access
     control list, though binding by the superuser will be allowed, if the sysctl(8) variable security.mac.portacl.suser_exempt is set to a non-
     zero value.

   Runtime Configuration
     The following sysctl(8) MIBs are available for fine-tuning the enforcement of this MAC policy.  All sysctl(8) variables, except
     security.mac.portacl.rules, can also be set as loader(8) tunables in loader.conf(5).

     security.mac.portacl.enabled
	     Enforce the mac_portacl policy.  (Default: 1).

     security.mac.portacl.port_high
	     The highest port number mac_portacl will enforce rules for.  (Default: 1023).

     security.mac.portacl.rules
	     The port access control list is specified in the following format:

		   idtype:id:protocol:port[,idtype:id:protocol:port,...]

	     idtype    Describes the type of subject match to be performed.  Either uid for user ID matching, or gid for group ID matching.

	     id        The user or group ID (depending on idtype) allowed to bind to the specified port.  NOTE: User and group names are not
		       valid; only the actual ID numbers may be used.

	     protocol  Describes which protocol this entry applies to.	Either tcp or udp are supported.

	     port      Describes which port this entry applies to.  NOTE: MAC security policies may not override other security system policies by
		       allowing accesses that they may deny, such as net.inet.ip.portrange.reservedlow / net.inet.ip.portrange.reservedhigh.  If
		       the specified port falls within the range specified, the mac_portacl entry will not function (i.e., even the specified
		       user/group may not be able to bind to the specified port).

     security.mac.portacl.suser_exempt
	     Allow superuser (i.e., root) to bind to all mac_portacl protected ports, even if the port access control list does not explicitly
	     allow this.  (Default: 1).

     security.mac.portacl.autoport_exempt
	     Allow applications to use automatic binding to port 0.  Applications use port 0 as a request for automatic port allocation when bind-
	     ing an IP address to a socket.  This tunable will exempt port 0 allocation from rule checking.  (Default: 1).

SEE ALSO

     mac(3), ip(4), mac_biba(4), mac_bsdextended(4), mac_ifoff(4), mac_mls(4), mac_none(4), mac_partition(4), mac_seeotheruids(4), mac_test(4),
     mac(9)

HISTORY

     MAC first appeared in FreeBSD 5.0 and mac_portacl first appeared in FreeBSD 5.1.

AUTHORS

     This software was contributed to the FreeBSD Project by NAI Labs, the Security Research Division of Network Associates Inc. under
     DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS research program.

BSD
								 December 9, 2004							       BSD
All times are GMT -4. The time now is 09:28 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy