Grabbing file descriptors with pidfd_getfd()

Posted Jan 10, 2020 13:39 UTC (Fri) by miquels (guest, #59247)
In reply to: Grabbing file descriptors with pidfd_getfd() by Karellen
Parent article: Grabbing file descriptors with pidfd_getfd()

Or things like authbind and innbind ?

Grabbing file descriptors with pidfd_getfd()

Posted Jan 10, 2020 14:29 UTC (Fri) by Karellen (subscriber, #67644) [Link] (1 responses)

Thanks for pointing to those!

However, I'd have reservations about using authbind - LD_PRELOAD is handy for debugging and trying weird tricks out, but I'm wary about using it in production systems.

innbind looks much cleaner, and certainly would allow you to write a program that could bind to privileged ports without needing to run as root, but as far as I can tell it allows any program on the system to bind privileged ports. If you installed it so that only members of a specific group were able to run it, and limited which programs ran as members of that group, that could work.

Grabbing file descriptors with pidfd_getfd()

Posted Jan 10, 2020 15:14 UTC (Fri) by nix (subscriber, #2304) [Link]

innbind is usually installed mode 1550, group news, so it's only executable by things in the Usenet news subsystem, which are all in the same trust domain.