How can I bind() to a port number < 1024?
Unix Socket FAQ for Network programming
The restriction on access to ports < 1024 is part of a (fairly weak)
security scheme particular to UNIX. The intention is that servers (for
example rlogind, rshd) can check the port number of the client, and if
it is < 1024, assume the request has been properly authorised at the
client end.
The practical upshot of this is that binding a port number < 1024 is
reserved to processes having an effective UID == root.
This can, occasionally, itself present a security problem, e.g. when a
server process needs to bind a well-known port, but does not itself
need root access (news servers, for example). This is often solved by
creating a small program which simply binds the socket, then restores
the real userid and exec()s the real server. This program can then be
made setuid root.
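
A sketch of such a wrapper, added here as an example and not taken from the FAQ. The server path, the choice of port 119 (NNTP, for the news-server case) and the convention of handing the socket to the server on descriptor 3 are all assumptions made for illustration.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define SERVER_PATH "/usr/local/libexec/real-server" /* hypothetical path */
#define LISTEN_FD 3 /* assumed convention: server inherits the socket on fd 3 */

/* Create a listening TCP socket on the given port; returns fd or -1. */
int bind_tcp_port(unsigned short port)
{
    struct sockaddr_in addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently restore the real uid/gid; returns 0 on success, -1 on failure. */
int drop_privileges(void)
{
    /* Group first: after setuid() we would no longer be allowed to change it. */
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    /* If the caller was not root, regaining root must now be impossible. */
    if (getuid() != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    int fd = bind_tcp_port(119); /* the only step that needs root */
    if (fd < 0) { perror("bind"); return 1; }
    if (drop_privileges() != 0) { perror("drop_privileges"); return 1; }
    if (fd != LISTEN_FD && dup2(fd, LISTEN_FD) < 0) { perror("dup2"); return 1; }
    execl(SERVER_PATH, SERVER_PATH, (char *)NULL);
    perror("execl"); /* only reached if exec failed */
    return 1;
}
```

Installed setuid root, the wrapper holds root only for the bind() call, and the hard-coded server path keeps the invoking user from choosing what gets exec()ed.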