tyingq on July 6, 2017 | on: Privileged Ports Are Expensive (2016)
Also only works for actual binaries, not scripts. Well, you can write a short exec wrapper I suppose.
voltagex_ on July 7, 2017
Hm. Why doesn't it work for scripts? I thought the capabilities were stored in the filesystem?
tetromino_ on July 7, 2017
An OS that allows shebang scripts to have setuid or capabilities ends up allowing security holes, as seen in traditional Unix variants; see http://www.faqs.org/faqs/unix-faq/faq/part4/section-7.html and https://www.in-ulm.de/~mascheck/various/shebang/#setuid

Therefore, Linux simply doesn't allow it.
ClashTheBunny on July 7, 2017
Because the script is probably not what is actually opening the port. It is going to execute something else that will open the port.
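
The exec wrapper suggested at the top of the thread, as an added example that is not part of the original comments: the compiled wrapper carries the file capability (for instance via `setcap cap_net_bind_service+ep` on the wrapper binary) and raises it into the ambient set (Linux 4.3 and later, a mechanism the thread does not mention) so that it survives `execve` of an interpreter that has no file capabilities. The interpreter and script paths and the `make_ambient` helper are hypothetical names chosen for illustration.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical fixed paths: never take them from argv or the environment. */
static const char *INTERP = "/usr/bin/python3";
static const char *SCRIPT = "/opt/example/server.py";

/* Move one capability from the permitted set into the inheritable and
 * ambient sets so it survives execve() of a binary without file caps.
 * Returns 0 on success, -1 if the capability is not permitted or the
 * kernel refuses. */
int make_ambient(int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    unsigned int bit;

    if (cap < 0 || cap > 63)
        return -1;
    bit = 1u << (cap % 32);
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    if (!(data[cap / 32].permitted & bit))
        return -1;                      /* wrapper was not given the capability */
    data[cap / 32].inheritable |= bit;  /* ambient needs permitted + inheritable */
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -1;
    return prctl(PR_CAP_AMBIENT, (unsigned long)PR_CAP_AMBIENT_RAISE,
                 (unsigned long)cap, 0UL, 0UL) == 0 ? 0 : -1;
}

int main(void)
{
    char *const argv[] = { (char *)INTERP, (char *)SCRIPT, NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };  /* clean environment */

    if (make_ambient(CAP_NET_BIND_SERVICE) != 0) {
        fprintf(stderr, "cannot raise CAP_NET_BIND_SERVICE\n");
        return 1;
    }
    execve(INTERP, argv, envp);  /* interpreter inherits the ambient capability */
    perror("execve");
    return 1;
}
```

Anyone who can modify the script or the interpreter gains the capability through this wrapper, so both should be writable only by root.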