Re: UUIDs (and devfs and major/minor numbers)

Edward S. Marshall (emarshal@logic.net)
Sat, 19 Jun 1999 15:05:56 -0500 (CDT)


On Sat, 19 Jun 1999, Mark H. Wood wrote:
> On Thu, 17 Jun 1999, Dan Hollis wrote:
> > On Thu, 17 Jun 1999, Edward S. Marshall wrote:
> > > On Thu, 17 Jun 1999, Dan Hollis wrote:
> > > > I cant be the only one who would like to do something like:
> > > > # chown named /proc/sys/net/permissions/udp/53
> > > > # chown named /proc/sys/net/permissions/tcp/53
> > > > And then run named non-root.
> > > Ye ghods, yes. What do you get when you readdir()
> > > /proc/sys/net/permissions/udp? All currently bound sockets? 65k files?
> > > (The former would obviously be preferred...)
> >
> > I was thinking of just 1023 files in each. You know, the "privileged"
> > ports.
> >
> > Otherwise it would be hard to set permissions on a privileged port before
> > a program actually opened it 8)

Why limit yourself to privileged ports? I'd like to be able to ensure
that no one can bind a port unless I've given them permission to do so
(think firewall hosts).

> Create them dynamically when either (1) the socket is bound, or (2) some
> program (e.g. touch) requests to create them. If created on binding, set
> an "ephemeral" bit somewhere. Any metadata operation (chown, chmod, etc.)
> clears the "ephemeral" bit. When the socket is unbound, delete the file
> if the "ephemeral" bit is set.

Bingo. Extension: some form of toggle which prevents sockets from binding
unless the inode already exists in this conceptual sockfs.

-- 
Edward S. Marshall <emarshal@logic.net>       [ What goes up, must come down. ]
http://www.logic.net/~emarshal/               [ Ask any system administrator. ]
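The node lifecycle proposed above (nodes created on bind carry an ephemeral bit, any chown/chmod clears it, unbind deletes only ephemeral nodes) together with the strict toggle, worked through as a user-space model. This is an added example, not code from the thread or from the kernel; the names (PortFS, PortNode, readdir, attempt, run_scenario), the uids 25 and 1000, the convention that the write bit means "may bind", and the rule that a node created on bind for a port below 1024 still needs uid 0 are all assumptions made here.

```python
# Added example (not from the thread or the kernel): a user-space model of the
# proposed port-permission filesystem. Assumed conventions: the write bit on a
# node means "may bind", nodes created on bind are owned by the binder, and
# creating a node on bind for a port below 1024 still requires uid 0.
from dataclasses import dataclass

PRIVILEGED_PORT_LIMIT = 1024  # classic rule, kept as the default for ports with no node


@dataclass
class PortNode:
    uid: int
    gid: int
    mode: int          # permission bits; write bit = may bind
    ephemeral: bool    # created by bind(), not by touch/chown/chmod
    bound: bool = False


class PortFS:
    """Conceptual /proc/sys/net/permissions/{udp,tcp}/<port> tree."""

    def __init__(self, strict=False):
        self.strict = strict  # the proposed toggle: bind only to pre-existing nodes
        self.nodes = {}       # (proto, port) -> PortNode

    def _get(self, proto, port):
        if (proto, port) not in self.nodes:
            raise FileNotFoundError(f"{proto}/{port}")
        return self.nodes[(proto, port)]

    def _may_bind(self, node, uid, gids):
        if uid == 0:
            return True
        if uid == node.uid:
            return bool(node.mode & 0o200)
        if node.gid in gids:
            return bool(node.mode & 0o020)
        return bool(node.mode & 0o002)

    # Metadata operations: each of them clears the ephemeral bit.
    def touch(self, proto, port, uid, gid, mode=0o600, caller_uid=0):
        if caller_uid != 0:
            raise PermissionError("only root creates nodes explicitly (assumption)")
        self.nodes[(proto, port)] = PortNode(uid, gid, mode, ephemeral=False)

    def chown(self, proto, port, uid, gid, caller_uid=0):
        if caller_uid != 0:
            raise PermissionError("chown needs root")
        node = self._get(proto, port)
        node.uid, node.gid, node.ephemeral = uid, gid, False

    def chmod(self, proto, port, mode, caller_uid=0):
        node = self._get(proto, port)
        if caller_uid not in (0, node.uid):
            raise PermissionError("chmod needs root or the owner")
        node.mode, node.ephemeral = mode, False

    def readdir(self, proto):
        # The readdir() question: only ports that have a node, i.e. currently
        # bound ones (ephemeral) plus those an admin created or touched.
        return sorted(p for (pr, p) in self.nodes if pr == proto)

    # Socket operations.
    def bind(self, proto, port, uid, gids=()):
        node = self.nodes.get((proto, port))
        if node is None:
            if self.strict:
                raise PermissionError(f"{proto}/{port}: no node and strict mode is on")
            if port < PRIVILEGED_PORT_LIMIT and uid != 0:
                # Without this, the first unprivileged binder of port 53 would own it.
                raise PermissionError(f"{proto}/{port}: privileged port")
            node = PortNode(uid, gids[0] if gids else uid, 0o600, ephemeral=True)
            self.nodes[(proto, port)] = node
        elif not self._may_bind(node, uid, gids):
            raise PermissionError(f"{proto}/{port}: permission denied")
        elif node.bound:
            raise OSError(f"{proto}/{port}: address already in use")
        node.bound = True

    def unbind(self, proto, port):
        node = self._get(proto, port)
        node.bound = False
        if node.ephemeral:
            del self.nodes[(proto, port)]


def attempt(fn, *args):
    """Return 'ok' or the exception class name, so outcomes are comparable."""
    try:
        fn(*args)
        return "ok"
    except OSError as e:   # PermissionError and FileNotFoundError are subclasses
        return type(e).__name__


def run_scenario():
    """The thread's named example plus the edge cases, as one dict of outcomes."""
    NAMED, OTHER = 25, 1000   # constructed uids/gids
    out, fs = {}, PortFS()
    fs.touch("udp", 53, NAMED, NAMED)                  # chown named .../udp/53
    out["named_binds_53"] = attempt(fs.bind, "udp", 53, NAMED, (NAMED,))
    out["other_binds_53"] = attempt(fs.bind, "udp", 53, OTHER, (OTHER,))
    fs.unbind("udp", 53)
    out["udp53_persists"] = ("udp", 53) in fs.nodes    # not ephemeral: stays
    out["other_binds_5353"] = attempt(fs.bind, "udp", 5353, OTHER, (OTHER,))
    out["listing_while_bound"] = fs.readdir("udp")
    fs.unbind("udp", 5353)
    out["udp5353_gone"] = ("udp", 5353) not in fs.nodes   # ephemeral: deleted
    out["other_binds_80_no_node"] = attempt(fs.bind, "tcp", 80, OTHER, (OTHER,))
    attempt(fs.bind, "tcp", 80, 0)                     # root creates it ephemerally
    fs.chown("tcp", 80, OTHER, OTHER)                  # clears the ephemeral bit
    fs.unbind("tcp", 80)
    out["tcp80_kept_after_chown"] = ("tcp", 80) in fs.nodes
    out["other_binds_80_now"] = attempt(fs.bind, "tcp", 80, OTHER, (OTHER,))
    strict = PortFS(strict=True)
    out["strict_refuses_unlisted"] = attempt(strict.bind, "udp", 5353, OTHER, (OTHER,))
    return out


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The privileged-port check inside bind() is the caveat the thread circles around: if nodes are created on demand and owned by whoever binds first, then with no pre-created node the classic "below 1024 needs root" rule has to stay in force, or any user could claim port 53 simply by being first. The strict toggle removes that ambiguity entirely by refusing every bind to a port the administrator has not created a node for.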

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/