Re: POSIX.6 (or 1.b now or something)

Dean Gaudet (
Mon, 9 Jun 1997 12:48:43 -0700 (PDT)

I was digging through the code planning to add privs such that:

- you could restrict a port to a specific uid (i.e. tcp 113 can be opened
by news and root only)

- you could restrict the range used to generate the "random" port of a
listening socket with unspecified port (i.e. > 1023, not in 6000..6099)

Does POSIX.6 define this sort of thing too? Any sample source out there?


On Mon, 9 Jun 1997, Chris Evans wrote:

> Hi,
> I think POSIX.6 security would be a great thing to have in Linux 2.2.
> Surely a POSIX.6 implementation (or one based on its ideas) is not too
> much hassle. In fact with finals concluding soon I may attempt it myself
> :)
> However -- I know someone was hacking at POSIX.6 a while back, D. Moffat
> was it? There was even a preliminary patch. Is work still ongoing? Anyone
> got an offical spec. sheet for the thing?
> I ask because I have the number of suid binaries on my system down to a
> very low number, and the following remaining are just begging for a subset
> of root privs:
> ping, traceroute: priv = open raw socket
> ssh,rlogin,rcp,r<etc> priv = open socket num < 1024
> Other useful privilege subsets would of course be read any file, tty
> chowning/chmoding, etc.
> Cheers,
> Chris