Status of innbind and Solaris
Heath Kehoe
hakehoe at avalon.net
Wed May 19 15:49:33 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On May 19, 2004, at 1:49, Russ Allbery wrote:
> I didn't quite get this finished tonight, but I'm close. A bit more
> work
> on it tomorrow should finish it off.
>
> The problem, as those who have tried to run CURRENT on Solaris know, is
> that the neat hack of creating a socket and then running a setuid root
> helper program to bind the socket only works on operating systems that
> actually implement native Berkeley sockets. On streams-based systems
> like
> Solaris, somehow the privileges of the creator of the socket attach to
> it,
> rather than the privileges of the person running bind, and the
> sub-process
> can't bind even though it has an effective UID of root.
>
[...]
> Comments?
>
Streams systems have an ioctl of I_SENDFD and I_RECVFD for passing a
file
descriptor between processes over a stream pipe. The setuid helper
would
create the socket, bind it, then send the file descriptor of the socket
back to
innd using I_SENDFD. I've used fd passing once before somewhere, I'll
see
if I can find that code. This would be a simpler approach, I_SENDFD
can be
detected with a configure test.
- -heath
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFAq4IS4uXPAG0A1J4RAmY9AJ9cpGqqrEsB7zw2MCOuRBsbKLlOCwCfdGa7
vCc65lCa3rH7DkyUEBhA6gI=
=yWxi
-----END PGP SIGNATURE-----
More information about the inn-workers
mailing list